Self-signed certificates: wolves in sheeps' clothing

What are SSL certificates?

SSL certificates (strictly, X.509 certificates used by TLS, the protocol that replaced SSL) are gatekeepers of internet security. A certificate binds a public key to a name, and that binding is what makes the two following functions possible:

Encryption: the certificate's public key is used during the TLS handshake to authenticate the server and agree on session keys, and those session keys encrypt the data in transit. The certificate itself does not encrypt anything; it tells the browser which key it can safely encrypt to, so that the communication between you and the website you have reached cannot be read by anyone in between.

Authentication: a certificate issued by a CA attests that the holder of the matching private key controls the domain name in the certificate (and, for organization-validated and extended-validation certificates, that the named organization exists and requested it). That is what lets you know you have reached the genuine website before you share any private information.

SSL certificates are generally issued by trusted third parties called Certificate Authorities (CAs), which verify control of the domain (and, at higher validation levels, the organization's identity) before signing. Browsers and operating systems ship with a list of CAs they trust, and a certificate is accepted only if it chains to one of them.

Self-signed SSL certificates and the risks associated with them.

SSL certificates can also be created inside an organization, using tools such as OpenSSL or Java's keytool. When a certificate is signed with its own private key, so that the issuer and the subject are the same entity, it is called a self-signed certificate. (A certificate issued by an organization's own private CA is a related but different case: it chains to an internal root that must be distributed to every client, and only that root is self-signed.) While it might appear easy and safe to use your own certificates, self-signed certificates carry a great deal of risk. When you're the master of your own private keys, how could they not be safe? Because a certificate's value lies in who vouches for it, not only in who holds the key.

Here's why you shouldn't use self-signed certificates on your websites:

  • Website spoofing: a self-signed certificate is vouched for by nobody, so your users have no way to tell yours from one an attacker generated for the same hostname. Once users are trained to click through the warning, a man-in-the-middle presenting a self-signed certificate of their own can impersonate your website and read or alter everything sent to it. And if your private key is lost or stolen, there is no CA revocation mechanism (CRL or OCSP) to withdraw the certificate: every client that was told to accept it keeps accepting it.
  • Browser security warnings: browsers only trust certificates that chain to a CA in their trust store. A self-signed certificate does not, so browsers display a full-page security warning (Chrome reports NET::ERR_CERT_AUTHORITY_INVALID) that users must deliberately bypass. Many will assume your website isn't safe, which is a blow to your organization's reputation, and the rest learn to ignore the warning, which is worse.

Identify and replace self-signed certificates.

If you're using self-signed certificates on your websites, you have to scan your estate, filter out the self-signed certificates, and replace them with certificates issued by a trusted CA. Done by hand, this process is daunting and error-prone; an automated certificate management solution can remove the hassle.

Key Manager Plus, a web-based SSH key and SSL certificate management solution, simplifies the entire process. Using Key Manager Plus you can:

  • Run a scan and filter every self-signed certificate in your network.
  • Generate requests for trusted CA certificates using our certificate request tool.
  • Consolidate new certificates and install them on domain servers directly from the product interface.
  • Track and monitor certificate usage and expiration.

In addition, Key Manager Plus is integrated with the CA Let's Encrypt, so you can acquire Let's Encrypt certificates and install them on your websites directly from Key Manager Plus. That way, Key Manager Plus breaks down the whole process of filtering and replacing self-signed certificates into a few simple steps. Click here to learn more about our Let's Encrypt integration.

So go ahead and click here to give the trial version of Key Manager Plus a shot! If you have any questions or need assistance, please email us at keymanagerplus-support@manageengine.com.