Technically, a self-signed SSL certificate is a certificate signed by the same individual whose identity it certifies. That is, the certificate is signed with its owner's own private key, not by a trusted Certificate Authority (CA). A self-signed certificate is free of cost, which encourages website owners to secure their websites. If you have a website with a limited number of pages and users, a self-signed SSL certificate can be a good option for you.
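One way to check whether a given certificate is self-signed in the sense described above, as an added example that is not part of the original article. It assumes the openssl command-line tool is installed; the file names and CN values are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article. Requires the openssl CLI.

# is_self_signed CERT.pem -> 0 only if issuer == subject AND the signature
# verifies under the certificate's own public key (names alone prove nothing).
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    [ "${subject#subject=}" = "${issuer#issuer=}" ] || return 1
    # Use the certificate as its own trust anchor; -check_ss_sig makes openssl
    # actually verify the self-signature instead of skipping it.
    openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1 || return 1
}

# issue DIR NAME CN: new key pair for CN, certificate signed by DIR/ca.key
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/$2.pem" 2>/dev/null
}

# make_demo_certs DIR: constructed sample certificates (hypothetical names)
make_demo_certs() {
    # self.pem and ca.pem: each signed with its own private key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=self.example.test" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    issue "$1" leaf "leaf.example.test" || return 1   # ordinary CA-issued leaf
    issue "$1" lookalike "Demo CA" || return 1        # issuer == subject, other key
}

dir=$(mktemp -d)
if make_demo_certs "$dir"; then
    for c in self ca leaf lookalike; do
        if is_self_signed "$dir/$c.pem"; then
            echo "$c.pem: self-signed"
        else
            echo "$c.pem: not self-signed"
        fi
    done
fi
rm -rf "$dir"
```

The `lookalike.pem` case has matching issuer and subject names but was signed by a different key, which is why the check verifies the signature and does not stop at comparing names.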
Drawbacks of Self-Signed SSL Certificates
In Public Key Infrastructure (PKI), the Certificate Authority must trust the certificate signer to secure the private key and to transmit information online. With a self-signed SSL certificate, however, the CA is not able to identify the signer and will not trust it. Due to this, the private key will no longer remain secured. This invites cyber criminals to attack the website and steal information.
If a self-signed SSL certificate is installed on an e-commerce website, users will sense the risk of data theft and might choose not to buy. This can affect the business and the owner's reputation as well.
In August 2014, Google announced that a self-signed SSL certificate will not be considered an HTTPS signal. Google found that self-signed certificates cannot serve as an HTTPS signal because of the weaker security they offer, and decided to exclude them from the HTTPS ranking signal.
Websites that collect users' sensitive and personal information should not install a self-signed SSL certificate.