A self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. In technical terms, a self-signed certificate is one signed with its own private key.

A self-signed certificate is not signed by a certificate authority (CA).

These certificates are easy to create and are free.

When not to use them

They have significant drawbacks, since they do not provide all of the security that certificates signed by a CA provide.

Your visitors will see a warning in their browser. Website visitors who bypass such warnings are exposed to the risk that a third party could intercept traffic to the website using the third party’s own self-signed certificate. This is a type of man-in-the-middle attack, and it allows the third party to read and modify all data sent to or from the website by the target user.

Your business should not rely on self-signed certificates, since you lose credibility and prestige.

A certificate authority tells your customers that this server information has been verified by a trusted source and not just the company that owns the website. Basically, there is a 3rd party company that has verified the security information.

Nearly every web browser checks that the certificate presented on an HTTPS connection is signed by a recognized CA. If the certificate is self-signed, this will be flagged as potentially risky and error messages will pop up encouraging your customers not to trust the site, even if it is, indeed, secure.

Why use them

Advantages of a self-signed certificate: like a CA-signed certificate, it uses encryption, so the data is sent over an HTTPS (SSL) connection.

You can also use self-signed certificates for situations that require privacy but where people might not be as concerned about it. For example: test projects, comment forms, or forms collecting personal but non-financial PII where the only users are people who know and trust you, like on a company intranet. I use it to secure my router.

If You’re Doing E-commerce, You Need a CA-Signed Certificate

Create a self-signed certificate.

You need OpenSSL. On RHEL and CentOS: sudo dnf install openssl. On the Debian family: sudo apt-get install openssl.

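Generate the private key (2048-bit RSA; 1024-bit keys are no longer considered secure) and the certificate signing request (CSR).

openssl genrsa 2048 > jazio-ssl-self-signed-certificate.key
openssl req -new -key ./jazio-ssl-self-signed-certificate.key > jazio-ssl-ssc-certificate.csr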

Generate the X.509 certificate for 1 year.

X.509 certificates are a generic, highly flexible format. SSL (now known as “TLS”) uses X.509 certificates. An “SSL certificate” is a certificate whose contents make it usable for SSL (usually, usable for an SSL server).

openssl x509 -in jazio-ssl-ssc-certificate.csr -out jazio-ssl-ssc-certificate.crt -req -signkey jazio-ssl-self-signed-certificate.key  -days 365
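
The same three steps run without prompts, followed by checks that the result really is self-signed (issuer equals subject, and the signature verifies under its own key). This is an added example, not part of the original post; the function names and the host name router.example.test are made up for illustration, and a 2048-bit key is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the host
# name router.example.test are hypothetical; keys are generated on the fly.

# Run the three steps without prompts: key, CSR, certificate valid 365 days.
make_selfsigned() {  # usage: make_selfsigned DIR COMMON_NAME
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr" &&
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -days 365 -out "$1/server.crt" 2>/dev/null
}

# Self-signed means: issuer equals subject, and the signature verifies
# under the certificate's own public key (certificate used as its own CA).
is_selfsigned() {  # usage: is_selfsigned CERT
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
    issu=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 1
    [ "${subj#subject=}" = "${issu#issuer=}" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# The certificate must carry the public half of the private key we hold.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$a" = "$b" ]
}

# SHA-256 fingerprint, to compare out of band with what the browser shows.
fingerprint() {  # usage: fingerprint CERT
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
if make_selfsigned "$demo_dir" router.example.test; then
    is_selfsigned "$demo_dir/server.crt" && echo "self-signed: yes"
    cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key" && echo "key matches"
    echo "fingerprint: $(fingerprint "$demo_dir/server.crt")"
fi
rm -rf "$demo_dir"
```

Comparing the printed fingerprint with the one shown in the browser's certificate details, before accepting the warning, is what distinguishes your own certificate from an interceptor's.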