The Dangers of Self-Signed SSL Certificates

What's the risk of using self-signed SSL?

Many organizations are tempted to use self-signed SSL Certificates instead of those issued and verified by a trusted Certificate Authority mainly because of the price difference. Unlike CA issued certificates, self-signed certificates are free of charge. What most users are not aware of is that self-signed certificates can end up costing them more in the long run.

While self-signed SSL Certificates also encrypt customers' log in and other personal account credentials, they prompt most web servers to display a security alert because the certificate was not verified by a trusted Certificate Authority. Often the alerts advise the visitor to abort browsing the page for security reasons.

self-signed-warning.jpg

Example security warning from self-signed SSL Certificate

Risk of Using Self-Signed on Public Sites

The security warnings associated with self-signed SSL Certificates drive away potential clients for fear that the website does not secure their credentials. Both brand reputation and customer trust are damaged.

Risk of Using Self-Signed on Internal Sites

While the dangers of using self-signed certificates on public sites may be obvious, there is also risk to using them internally. Self-signed certificates on internal sites (e.g., employee portals) still result in browser warnings. Many organizations advise employees to simply ignore the warnings, since they know the internal site is safe, but this can encourage dangerous public browsing behavior. Employees accustomed to ignoring warnings on internal sites may be inclined to ignore warnings on public sites as well, leaving them, and your organization, vulnerable to malware and other threats.

Avoid the Risk

Using SSL Certificates issued from a trusted Certificate Authority eliminates scary browser security warnings, protecting brand reputation and customer trust, as well as encouraging safe employee Internet behavior. GlobalSign offers the full range of SSL Certificates to meet the needs of every organization. Visit GlobalSign SSL to learn more.