What is a self-signed certificate?
In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. This term has nothing to do with the identity of the person or organization that actually performed the signing procedure. In technical terms a self-signed certificate is one signed with its own private key.
Free self signed certificates can enable the same level of encryption as a $1500 certificate signed by a trusted authority, but there is a major drawback: the certificate cannot be revoked like a trusted certificate can.
When shall I use a self-signed certificate?
A certificate serves two essential purposes: distributing the public key and verifying the identity. The identity can only properly verified when it is signed by a trusted third party because any attacker can create a self signed certificate and launch a man-in-the-middle attack. If a user just accepts a self signed certificate, an attacker could eavesdrop on all the traffic or try to set up an imitation server to phish additional information out of the user. Because of this, you will almost never want to use a self signed certificate on a server that requires anonymous visitors to connect to your site..However, self signed certificates have their place:
- In the Intranet. When clients only have to go through a local Intranet to get to the server, there is virtually no chance of a man-in-the-middle attack.
- On a development server. There is no need to spend extra cash buying a trusted certificate when you are just developing or testing an application.
- Personal sites with few visitors. If you have a small personal site that transfers non-critical information, there is very little incentive for someone to attack the connections.
- Encrypting Documents such as PDF Documents (Aloaha PDF Crypter) to protect Documents against theft.
- Use as an encryption Certificate for Aloaha secureZIP
Just keep in mind that visitors will see a warning in their browsers (like the one below) when connecting to an server that uses a self signed certificate until it is permanently stored in their certificate store.
In Windows there are several ways to create your own self signed certificates. Some methods involve installing 3rd party tools or using command line tools. With the Aloaha CertificateCreator your own digital certificate is just one simple click away.
The Aloaha Certificate Generator will create certificates you can use for testing secure applications and web sites. These certificates should not be used in a production environment because they are not signed by a trusted certificate authority.
Just download the tool from https://dl.dropboxusercontent.com/u/20338532/neverdelete/AloahaCertificateCreator/AloahaCertificateCreator.zip or https://dl.dropboxusercontent.com/u/20338532/neverdelete/AloahaCertificateCreator/AloahaCertificateCreator.exe
and start it directly. It is a portable tool so it does NOT need to be installed nor does it leave any traces behind!
Now you just fill in your name, choose the right store and define if the private key should be exportable or not. Once you click Generate and the certificate has been generated a small confirmation window will pop up.
In case you need to generate a self-signed SSL Certificate you need to fill in your domain name into the name field!
When you choose the store please note the “Current User Store” is ONLY available for the currently logged on user. If you want that services, other users, etc. have access please use the “Local Machine Store”.
Per default generated certificates are exportable. That means you can easily export the certificate and private key into a .PFX file to take to any other machine to import it there. The PFX can also be imported to a smart card or any PKCS #11 token.
If you need to make sure that the private key CANNOT leave the machine then you need to DISABLE exportable. This is useful if you want to certificate encrypt a file or PDF (please see the PDF Crypter) in such a way that it CANNOT be opened on any other machine.
With the commercial version of this tool you have the chance to use it with command line parameter or even as a .NET Component for your own projects. Please contact email@example.com for further information.