Get your FREE copy of "The Ultimate Guide of SSL"

Download Ebook

Self Signing Certificates

What is Self Signing Certificate?

A self Signing Certificate is an identity that is signed by its own creator and in technical words, it is one signed with its own private key. These certificates are considered as less trustworthy and can be revoked.

When Self Signed Certificates should be used?

  • For something that is less-risk than a bank they should be allowed to self-sign
  • Development uses only
  • Self signed certificates can be used on an intranet
  • On personal sites with few visitors

Requirements to generate Self Signing Certificate

  • Openssl library
  • Make sure OpenSSL is installed

How to create Self Signed Certificate?

How to Create a Self Signed Certificate in IIS?

SSL establishes trust and ensures customers for a safe visit and transactions over the net. We highly suggest you not to use a self-signed certificate for any e-commerce site or any other sites which require sensitive data like bank or credit card information. If you want to create a self-signing certificate in IIS.

Read More……

How to Create an Apache Self Signed Certificate?

SSL is an important factor to encrypt all web traffic sent to and from your Apache web site. It secures all personal data and communication between users and web servers. Before creating a self-signed certificate make sure that you have installed OpenSSL in your system. Now check these step by step guidelines.

Read More……

How to Create a Self Signed Certificate Using Java Keytool?

SSL Certificate is also important to secure java application using a self-signing certificate. In most cases, you must use a CA verified certificate but you can also use a self-signed cert to secure your java app.

Read More……

How to create a Self Signed Certificate for Tomcat?

SSL certificates are required to protect web pages and sensitive data from attackers. A self-signed certificate can be useful to encrypt data in tomcat. Here are easy steps to create a self-signed certificate for tomcat –

Read More……

How to create a Self-Signed SSL Certificate for Exchange 2003/2007/2010 on Windows Server?

A Self-signed certificate is prepared for a limited-access environment like to access webmail and also useful for a test environment. Here is a step by step procedure to create a self-signed certificate for exchange 2003/2007/2010 on window server.

Read More……

How to Install a Self Signed Certificate?

Self signed certificates have different techniques to install for different platform like Windows, Apache etc. So we discuss this one by one.

A. Installation of Apache Self Signed Certificate

SSL is an essential factor to secure user’s sensitive data on the web. A Self signed certificate also useful to keep security like webmail etc. If you have created self signed certificate and then, in the next step, you just need to configure your Apache virtual host to use the SSL certificate. If you only have one Apache virtual host to secure and you have an ssl.conf file being loaded, you can just edit that file. Otherwise, you will need to make a copy of the existing non-secure virtual host, paste it below, and change the port from port 80 to 443.

Read More……

B. Installing Self-Signed CA Certificate in Window

If you want to use a self signed certificate to secure your web-mail. Here is step by step guidelines to install a self signed certificate without facing any error –

Read More……

C. Installation of Self-Signed Certificate in IIS

Once, you have created a self signed certificate, now it’s time to install this cert in your IIS. Just follow this simple steps to install an error free self signed certificate in IIS-

Read More……

D. Installing Self-Signed Certs in Internet Explorer (IE)

When self-signed certificates are installed on the server, configure Internet Explorer to work with these self-signed certificates.

Read More……

E. How to install Self Signing Certificate for Tomcat

SSL Certificate is a latest & essential technology to secure web browsers and web servers over the net. A self signed certificate also pay enough security to secure communication on web server like webmail. If you have created a self signed certificate and want to configure in your tomcat server, here are simple steps, just check it out –

Read More……

F. How to Use a Self Signed Certificate in Exchange 2003/2007/2010

A self signed certificate is free and best tool to secure your webmail communication like exchange 2003/2007/2010. If you have created a Self Signed SSL and want to configure it in your MS Exchange, here are simple steps to install error free certificate –

Read More……

G. How to create and import Self-Signed Certificate to Android Device

Check out following steps to create a self signed certificate and import it to your android device withour any error. Due to a bug in android internal code you need some extra steps while generating your certificate. Otherwise your self-signed certificate will not show up under “trusted credentials” in android menu.

Read More……

Self Signing Certificates & Resolving its Errors

A. Self Signing Certificates Errors

  • Errors in the Hosted Projects window
  • Trust a self-signed certificate
  • SSL certificates and Mercurial
  • SSL certificates and Git
  • Windows

B. Resolving Self Signing SSL Certificate Errors

If you’re using a self-signed certificate on your repository server, you may receive SSL certificate errors when you try to perform certain actions. This page will help you resolve this errors using Safari Browser.

Errors in the Hosted Projects Window

You may see an error like this when you have added a hosted project which has a self-signed certificate, such as a company Stash server:

stash-server-ssl-error
To resolve this, check the ‘Trust a self-signed certificate’ section below.

Trust a Self-Signed Certificate

To trust a self-signed certificate, you need to add it to your Keychain. The easiest way to do that is to open the site in question in Safari, upon which you should get this dialog box:

safari-can-not-verify-identity-of-website
Click on ‘Show Certificate’ for the full details:
self-signed-root-certs-in-safari
If the certificate looks good to you, check the ‘Always trust <name> when connecting to <server name> and click ‘Continue’.

You will be asked to provide your password to authorize the addition of this certificate to your keychain, after which both Safari and the Hosted Projects window will accept the SSL certificate as valid.

SSL Certificates and Mercurial

Self-signed certificate problems in Mercurial appear like this:

      SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

However, these are warnings at the time of writing and will therefore not prevent you from using the server. It is advisable however to add the self-signed certificate to your keychain anyway, see ‘Trust a self-signed certificate’ above.

SSL Certificates and Git

Self-signed certificate errors in Git include the following text:

      SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Git doesn’t use the Mac OS X keychain to resolve this, so you need to trust the certificate explicitly.

  1. If you haven’t done so already, follow the steps in ‘Trust a self-signed certificate’, above
  2. Open Applications > Keychain Access and select ‘Certificates’ in the lower-left pane
  3. Type the website into the Search field in the top-right
  4. Select the certificate entry for the website, then in the menu click File > Export Items
  5. In the Save dialog, change ‘File Format’ to ‘Privacy Enhanced Mail (.pem)’ and save the file somewhere on your drive
  6. Edit your ~/.gitconfig  and set this:

[http]

sslCAInfo=/path/to/your/certificate/file.pem

Note: if you have more than one self-signed certificate that you need to trust, you can multiple-select them in item 4 and export them all as one .pem file.

What’s the risk of using Self-Signed SSL?

You may receive an immediate benefit by cost saving but in long term you will realize that it is turning out into a costlier approach. Self-signed certificates secretly increases your expenditure in a way that it proves out to be costlier in terms of security hardware, software management, place of data center and much more. Here are some risks of using self-signed SSL for public as well as internal sites –

Risk of Using Self-Signed on Public Sites
  1. Security warnings may increase 
  2. Brand Reputation & customer trust ca be damaged
  3. Fear of credentials security
Risk of Using Self-Signed on Internal Sites
  • Security Issues
  • Policies and systems consider invalid
  • You can’t revoke a self-signed certificate
  • Easier to impersonate or hack
  • Browser warnings
  • Brand reputation issue
  • Self signed certificate may invite unwanted threats

How to avoid risk of using Self Signing Certs

The best way to avoid the risk of using a self signed certificate is to adopt an SSL Certificate issued from a trusted Certificate Authority that protect your website, make a strong brand reputation and customer trust. A self signed certificate may lead to badness, and cause your company images.

Disclosure: AboutSSL appreciates your continuous support. It helps us tremendously to keep moving in the competitive SSL industry. Here most of the links which direct you to buy any SSL/TLS related service or products earns us a certain percentage of referral commission. Learn More