A self-signed certificate is an SSL/TLS certificate created and signed directly by the server owner, without a certificate authority being involved. Technically it is an ordinary X.509 certificate: it enables encryption and lets the server accept connections over HTTPS. Browsers, however, do not trust it, because no trusted third party has vouched for the identity it contains. As a result, a user visiting the site sees a large red security warning. This is precisely why self-signed certificates should not be used in production environments.
When self-signed certificates are useful
The first and most common use case is development. When developers work on a local computer or an internal test server, they use self-signed certificates to test the site over HTTPS. The second scenario is services on an internal corporate network, such as an internal API server or an internal monitoring panel. Here the certificate is used only by company employees, and it can be pre-installed in the trust store of their computers so that no warning appears. The third scenario is IoT devices and embedded systems that are not always connected to the internet and operate in an isolated network.
The process of creating a self-signed certificate
Creating a self-signed certificate with the OpenSSL utility is straightforward. First a private key is generated, then a CSR (certificate signing request) is built from it, and finally the CSR is signed with that same private key. Along the way the validity period, domain name, organisation details and other parameters are entered. The resulting certificate is usually saved in PEM format (typically with a .crt or .pem extension) and then referenced from the web server configuration.
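The three-step flow described above, as an added example that is not part of the original article. It wraps the OpenSSL commands in shell functions and then checks the result two ways: against a trust store containing only the certificate itself (what pre-installing the certificate on internal clients achieves) and against the system trust store (which fails, the command-line equivalent of the browser warning). It requires the openssl command-line tool; the hostname dev.example.test and the organisation name "Local Dev" are placeholders.

```shell
#!/bin/sh
# Added example, not code from the article: private key -> CSR -> self-signed certificate.
# Assumed placeholders: hostname dev.example.test, organisation "Local Dev".
set -eu

# Write key.pem, csr.pem and cert.pem into directory $1 for hostname $2,
# valid for $3 days.
make_self_signed() {
    dir=$1; host=$2; days=$3
    # Step 1: 2048-bit RSA private key, unencrypted so the web server can load it.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/key.pem" 2>/dev/null
    # Step 2: certificate signing request carrying the subject fields.
    openssl req -new -key "$dir/key.pem" -out "$dir/csr.pem" \
        -subj "/CN=$host/O=Local Dev" 2>/dev/null
    # Modern browsers ignore the CN and require a subjectAltName, so it is added
    # as an extension; CA:FALSE marks this as a leaf certificate, not a signing CA.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" > "$dir/ext.cnf"
    # Step 3: sign the CSR with the same private key that made it (self-signing).
    openssl x509 -req -in "$dir/csr.pem" -signkey "$dir/key.pem" -sha256 \
        -days "$days" -extfile "$dir/ext.cnf" -out "$dir/cert.pem" 2>/dev/null
}

# Print the CN from the certificate's subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt sep_multiline | sed -n 's/^ *CN=//p'
}

# Exit 0 when issuer and subject are identical, i.e. the certificate signed itself.
cert_is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^[^=]*= *//')
    i=$(openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^[^=]*= *//')
    [ "$s" = "$i" ]
}

# Exit 0 when the certificate verifies against a trust store containing only
# itself: this is what pre-installing it on internal clients does.
verify_pinned() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Exit 0 when the certificate verifies against the system trust store. For a
# self-signed certificate this fails, which is exactly why browsers warn.
verify_system() {
    openssl verify "$1" >/dev/null 2>&1
}

# Stand-alone demonstration in a temporary directory.
work=$(mktemp -d)
make_self_signed "$work" dev.example.test 365
echo "CN:            $(cert_cn "$work/cert.pem")"
cert_is_self_signed "$work/cert.pem" && echo "self-signed:   yes"
verify_pinned "$work/cert.pem" && echo "pinned trust:  OK"
verify_system "$work/cert.pem" || echo "system trust:  FAILED (expected for self-signed)"
rm -rf "$work"
```

For a real deployment, copy cert.pem and key.pem to the web server and protect key.pem with restrictive permissions; for internal clients, distribute only cert.pem and add it to their trust store, which is the pinned-trust check above in production form.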
Risks in production
Using a self-signed certificate in production carries several serious risks. First, users who see the warning immediately leave the site for competitors, which sharply reduces conversion. Second, Google and other search engines rank such sites lower, and sometimes do not show them at all. Third, there is no protection against man-in-the-middle attacks: the browser cannot distinguish the owner's self-signed certificate from one that anyone else generates with the same name, so a user who clicks through the warning has no way to know who is actually on the other end of the connection. Fourth, payment systems and other important integrations do not work with such sites.
Sayt.uz practice
Sayt.uz hosting clients receive Let's Encrypt certificates completely free and automatically installed. Renewal happens automatically every 60 days. Commercial DV certificates start from 89 thousand soum, OV from 290 thousand soum, and EV from 890 thousand soum. Our specialists install certificates in 20 minutes in 99 percent of cases. Migration from self-signed to a trusted certificate is performed free of charge.