Thursday, October 1, 2015

Why Can't We Just Use Our Own Self-Signed SSL Certificates?

Well, we can. But it only works for our own development environment. For "live on the web", browsers won't automatically recognize and trust the thing. And your site visitors will run away looking at those horrifying alert. Not literally.

The SSL (Secure Sockets Layer) was brilliantly invented in 90s as a method to encrypt the data being transported, to obfuscate the communication between computer network nodes, so that not much of conversation can be "heard". To secure the line.
Nowadays, it becomes the sign for "web of trust".

The web is full of people, by people we meant bots and small percentage of living beings, some are really funky, so, that happened. The we-don't-trust-the-web-unless-*.
Hence, the mechanism of SSL-ing the web connection becomes the signal of trust.

This topic (SSL, Cryptography in general) is a very complicated, and to us, also a fascinating field. It's an advanced Mathematics-based logic. Well, logic is Math-based. Mostly. But we didn't really write numbers, first. Maybe.


Not directly related

This is more like waste management industry. You know, there's so much pollution, then boop! Brand new engineering field. Which is a very good solution.

The pollution on the internet is actually our own sweet human psychology. We are truly sweet free-will-ed creatures. With the "dreams" and all.
This can be an idea for your dissertation. Or, a scientific journal/diary. Or, just writing on the wall.
This area of human interests can be further dug really really, we mean like, REALLY, deeply. It will surely mutate as time passes by. But some primal instincts and behaviors are pretty much static.


Back again

About that self-signed certificate.

This is mainly a business model. The SSL certificates signing.
It's one of the industries of the web.

Let's make an analogy. Um.

We can always draw "money" on papers, cut them, so that they look like money, and use them as our own currency. But those can't be used to actually buy things from the store.

We can also stack tons of papers with "money" drawn on them, but we can't like, say, hey, I'm sort of rich! And laughing like a maniac.
Of course you can.

The consensus process, the validation from "legitimate" people, the authorities, is needed so those "local money" of ours will be accepted as a method of payment in public.

It's maybe not the best story telling, but that's pretty much how the certificate can be trusted and (by default) included on browsers and operating systems — the client part.

The legitimate third party validation process costs money, therefore, we need to pay for it. Plus the service markup.
Creating self-signed SSL certificate is, well, we can learn the methods. But the most important "general trust" won't be automatically attached to it.


How about that boosting SEO?

That has tiny weeny correlation. You can make a blank site with https connection.

Implementing the secure line is more about protecting our internal communication to and from our server(s).
Who wants to crack a 1 unique visitor per year blog?
Except if you're in cracking training camp or having that super-symmetry moment of a one button click.

SEO (Search Engine Optimization) is about the relevant content, historically.
Now, it's all about stuffing your post with lots of dynamic hidden keywords, dynamic referral links (search terms), and so on.
Not really. It's a bad practice to do that.


Useful links

  • Why are SSL/HTTPS certificates so expensive?

    An archived post on Reddit.

  • What are the benefits of a more expensive SSL certificate?

    Discussion on Webmasters StackExchange.

  • Is there any technical security reason not to buy the cheapest SSL certificate you can find?

    Discussion on Security StackExchange.

  • How to decide where to purchase a wildcard SSL certificate?

    Discussion on ServerFault StackExchange.

  • Transport Layer Security concept, history, and development on Wikipedia.
  • The concept of root certificate on Wikipedia.
  • Self-signed certificate on Wikipedia.

No comments:

Post a Comment

Tell me what you think...