Technically, a self-signed certificate is one signed by the same individual whose identity it certifies. In the signing procedure, the certificate is signed with the owner's own private key, not by a trusted Certificate Authority (CA). Self-signed certificates are free of cost, which encourages internet users to secure their websites with a free SSL certificate.
If a website has a limited number of pages and few users, a self-signed SSL certificate is a good option.
Drawbacks of Self-Signed SSL Certificates
In Public Key Infrastructure (PKI), the Certificate Authority must trust the certificate signer to secure the private key and to transmit information over the internet. With a self-signed SSL certificate, the CA is not able to identify the signer and will not trust it; because of this, the private key no longer remains secure and can be compromised. This helps cyber criminals attack the website and steal information.
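An added example, not part of the original article: a shell audit helper that recognises a self-signed certificate (subject equals issuer, and the signature verifies under the certificate's own key) and confirms that it does not chain to any CA in the system trust store. It assumes the openssl CLI is installed; the function names, file names and the CN demo.example are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Requires the openssl CLI.

# make_self_signed DIR: create a throwaway self-signed certificate.
# The CN "demo.example" and the file names are constructed sample values.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# is_self_signed CERT: succeeds only if subject == issuer AND the signature
# verifies under the certificate's own public key.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    [ "${subject#subject=}" = "${issuer#issuer=}" ] || return 1
    # Treat the certificate as its own trust anchor.
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# chains_to_default_store CERT: succeeds only if the certificate chains to a
# CA in the system trust store, which is what a browser-style client checks.
chains_to_default_store() {
    openssl verify "$1" >/dev/null 2>&1
}

# classify CERT: print a one-line verdict for an audit report.
classify() {
    if chains_to_default_store "$1"; then
        echo "ca-trusted"
    elif is_self_signed "$1"; then
        echo "self-signed-untrusted"
    else
        echo "untrusted-other"
    fi
}

# Stand-alone use: sh script.sh /path/to/cert.pem
if [ "$#" -gt 0 ]; then classify "$1"; fi
```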
If a self-signed SSL certificate is installed on an e-commerce website, users will perceive a risk of data and information theft and abandon their shopping, which affects the online business and the owner's reputation as well.
Google recently announced that self-signed SSL certificates will not be considered an HTTPS signal. In August 2014, Google announced that websites with HTTPS/SSL would earn a ranking boost in the SERP, and over 1% of queries have been affected by this move. After investigating, Google concluded that self-signed certificates are not worth counting as an HTTPS ranking signal because of their lower security and trust factor. Finally, they decided to drop them from the HTTPS ranking signal.
Websites that collect users' sensitive and personal information should not install a self-signed SSL certificate. Banking, e-commerce, social media, health care and government sites are among them.