Self-signed certificates

Posted on 2014-11-13
Last Modified: 2014-12-01
Can someone explain self-signed certificates to me?

I was told it is just used internally and it is cheaper than SSL.

I thought it is simply used internally in a Microsoft environment, for logons and accessing resources on the network.

Thanks
Question by:techgenious
2 Comments

Accepted Solution

by:
Michael Fowler earned 2000 total points
ID: 40441731
Wikipedia has a good entry on this
http://en.wikipedia.org/wiki/Self-signed_certificate

It is worth noting that most browsers will display a warning when encountering a self-signed certificate
https://www.globalsign.com/ssl-information-center/dangers-of-self-signed-certificates.html

and finally here is another link
http://webdesign.about.com/od/ssl/a/signed_v_selfsi.htm
0

Expert Comment

by:Cliff Galiher
ID: 40441811
Self-signed certificates are generally certificates generated by the device/machine that needs it. Many firewalls will generate a "self-signed" certificate on first boot-up, for example. They are not signed by any CA, so establishing a chain of trust is not scalable at all. They are usually used for test labs only because of this limitation.

Many people also refer to internally issued certificates as "self-signed" although this terminology is abused and inaccurate. For larger organizations, it is perfectly normal to stand up an internal CA and issue certificates for clients, servers, users, and more. Any machine that trusts the CA will trust all certificates issued by it, so this is far more scalable. But external machines will still throw an error since they don't trust the CA. So you'll often see this type of deployment for resources that are internal to a network (not necessarily Microsoft) where centralized policies can push out the CA's root certificate and establish trust. Deploying an enterprise (not guest) WiFi with WPA2-Enterprise, for example. Or signing internal LOB applications, updates, various management agents, etc.

The benefit of this over a wildcard public cert is that individual certificates can be revoked as needed. Have a laptop stolen? Instead of revoking the wildcard cert, you revoke the certificate used to authenticate that laptop on the corporate wireless network. Far less intrusive and far more scalable.

Then, there are public certs, which I've never heard anybody refer to as self-signed. The only difference between these and internally signed certificates is that a public CA has paid companies money and passed certificates so their root certs are pre-installed in browsers and are trusted. That is why, when you visit a site that has a certificate from GoDaddy, you don't have to install the GoDaddy root cert (or Starfield, or whatever.) It behaves the same otherwise. It still checks the chain for trust. Just the root is already trusted.
0
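The distinction drawn in the answers above, as an added example that is not part of the original thread: a device-generated self-signed certificate next to certificates issued by an internal root, checked with `openssl verify`. The names `firewall`, `internal-root`, `laptop01` and `wifi-radius` are constructed, and the script assumes the `openssl` CLI is installed.

```bash
#!/usr/bin/env bash
# Constructed lab names throughout; nothing here comes from the original thread.
WORK=$(mktemp -d)

# Self-signed: the device generates a key and signs its own certificate.
make_self_signed() {   # $1 = name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Internal CA issuance: the device makes a CSR, the CA's key signs it.
issue_from_ca() {      # $1 = CA name, $2 = leaf name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -days 30 -CAcreateserial \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -out "$WORK/$2.crt" 2>/dev/null
}

# Issuer name equals subject name (a name comparison only, not a signature check).
issuer_is_subject() {  # $1 = cert name
  [ "$(openssl x509 -in "$WORK/$1.crt" -noout -issuer_hash)" = \
    "$(openssl x509 -in "$WORK/$1.crt" -noout -subject_hash)" ]
}

# Does a machine whose only trust anchor is $1 accept certificate $2?
trusts() {             # $1 = anchor name, $2 = cert name
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" 2>/dev/null | grep -q ': OK$'
}

report() { if "$@"; then echo "yes  $*"; else echo "no   $*"; fi; }

make_self_signed firewall        # device-generated, as on a firewall's first boot
make_self_signed internal-root   # a root CA cert is self-signed too; it is the anchor
issue_from_ca internal-root laptop01
issue_from_ca internal-root wifi-radius

report issuer_is_subject firewall        # yes
report issuer_is_subject laptop01        # no: issuer is internal-root
report trusts internal-root laptop01     # yes: one pushed root covers every issued cert
report trusts internal-root wifi-radius  # yes
report trusts internal-root firewall     # no: the self-signed cert chains to nothing
report trusts firewall firewall          # yes: only where that exact cert is installed
report trusts firewall laptop01          # no: a machine without the root rejects it
```

Pushing `internal-root.crt` to managed machines is the single step that makes every issued certificate validate, whereas each self-signed certificate has to be installed as trusted one by one.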