I see this a lot on places like Slashdot, people’s blogs, mailing lists, etc. “SSL Certificates are worthless, self-signed certs are perfectly fine, Verisign are a rort charging money for nothing.” – and it’s completely false.

Simplified, SSL certificates consist of two main security properties – property #1, they facilitate public key encryption, which secures the transmission between you and a foreign entity from interception by a third party, and property #2 – they verify that the foreign entity on the other end is infact the server you want to be transmitting data to (ie, they are who they say they are.).

Both of these principles work in tandem – each server certificate is signed by a higher authority who vouches for the identity of the bearer; they are “signed” using cryptographic principles which prevent them from being tampered with. If a trustworthy third party cannot verify the certificate; then you do not know that the other party is really who you want to send data to.

While verification of identity has slipped with the price of certificates; you can be assured that the provider has at least verified the requestor is affiliated with the domain in question (ie; you cant just go out and get a certificate in paypal.com’s name). The stronger certificates, such as “EV” certificates (which get a green browser bar in modern browsers) – still require a full identity check.

This means, when you see that little padlock and dont get a self-signed warning; you know that the server you are speaking to is at least affiliated with the domain in question.

Which brings us to self-signed certificates. These are missing that little bit of verification – and the problem is, encryption’s purpose is to hide data from untrusted third parties; however with self-signed certificates, you dont know who you are communicating with in the first place – and hence the encryption is effectively worthless.

It’s quite possible for an attacker to generate a self-signed certificate in an identical name to the self-signed certificate you made, and then ‘proxy’ the connection; seeing the encrypted data, with you none-the-wiser. The only way of telling them apart would be to examine the certificate fingerprint; however there are no real effective ways of validating the fingerprint of a site easily.

You might ask where would an attacker be able to do this kind of intercept if they didnt work at say an ISP between you and the server, and a very common answer would be wireless hotspots and public networks. The same techniques which allowed an attacker to replace every image served on the DEFCON conference WiFi network with Goatse are the exact same techniques that would allow you to do a SSL-interception on a self-signed certificate.

So no – while the faux-SSL would raise the difficulty level slightly; it is not securing the connection; only a certificate signed by a trusted independent third party is secure. That does not have to be a subsidiary of verisign – but it does have to be a group who provide enough identity verification that they don’t hand out certificates to anyone who asks for one.

The default trusted authorities (CA’s) included in most major browsers consist of groups who provide some degree of identity verification. The browsers decisions on which CAs to include are based on this principle more than any other.

This also means, when Firefox shows you a big warning saying ‘This site has a screwed up security certificate’ – take heed. It’s saying it for a reason; the site isn’t secure.

Edit: for those who still dont believe self-signed certificates can be forged quickly or easily, read this.