SSL Differences

Hi, where are the differences to a Self Signed SSL and of a Standard SSL?

Both have https:// but a Self Signed SSL doesn’t have any encryption while a standard SSL has strong cipher suites and encryption. If a site uses Self Signed SSL it will not be trusted by the majority of browsers…


Also if you are using Cloudflare, DO NOT use the Cloudflare thing in Cpanel. Use Cloudflare from the Cloudflare website. Also, do not use full (strict) in cloudflare because you cannot install Cloudflare’s Origin CA Certificate.

A Self-signed SSL Certificate is an SSL Certificate that is issued by the individual using it. It’s issued with software that the user has and controls. This can be good for testing environments but it’s got some major drawbacks. When a browser receives an SSL Certificate it’s looking for it to be issued by a party it trusts. When you sign your own certificate you’re essentially vouching for your own identity.

A Trusted CA Signed SSL Certificate (CA Certificate) is an SSL Certificate that’s been authenticated by one of the trusted Certificate Authorities that are authorized to issue them. These CA’s are trusted by the browsers because they meet all the requirements that have been set for issuing SSL Certificates and they have safeguards in place to mitigate mis-issuances and other sorts of fraudulent behavior.


But because a Self Signed certificate is detected by browsers (like chrome) coem untrusted

It depends on how you use it.

For example, I use one self-signed certificate from InfinityFree between my hosting and Cloudflare.
But I use a Cloudflare trusted CA certificate between Cloudflare and my website’s viewers.

This way, all my users only see the trusted certificate and never see the self signed certificate, because it only works between InfinityFree and Cloudflare.


But a self signed does support https?

Yes, it supports HTTPS. But most, if not all, browsers don’t trust it.


The key difference is that a self-signed doesn’t have a trusted root CA. Browsers read the Certificate and look for a Root CA. If none is found, then the browser can’t ensure the connection as it not be signed by a trusted provider.

The structure of a certificate is like this:

--| domain certificate (issued by 'example')
----| certificate for 'example' (issued by 'exampleCA')
------| certificate for 'exampleCA' issued by 'exampleCA'

Without this chain, a browser cannot ensure the secure connection between the device and server.



This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.