Technically, a self-signed certificate is one that is signed by the same individual whose identity it certifies. In the signing procedure, the certificate is signed with the certificate owner's own private key, not by a trusted Certificate Authority. A self-signed certificate is free of cost, which encourages internet users to secure their websites with a free SSL certificate.
If a website has a limited number of pages and few users, a self-signed SSL certificate is a good option.
Drawbacks of Self-Signed SSL Certificates
In Public Key Infrastructure (PKI), the Certificate Authority (CA) must trust the certificate signer to secure the private key and to transmit information over the internet. With a self-signed SSL certificate, however, the CA is not able to identify the signer and won't trust it; because of this, the private key no longer remains secure and can be compromised. This helps cyber criminals attack the website and steal information.
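What "not signed by a trusted Certificate Authority" looks like to a client, as an added example that is not from the original article: the script creates a throwaway self-signed certificate with the OpenSSL command line, confirms that issuer and subject are the same name, and shows that verification fails against the default trust store and succeeds only when the certificate itself is supplied as the trust anchor. The name shop.example.test, the file names and the function names are constructed for this illustration.

```shell
#!/bin/sh
# Added example. The CN, file names and function names are constructed.

# Create a throwaway self-signed certificate: the key being certified is
# also the key that signs. Prints the directory holding cert.pem/key.pem.
make_self_signed() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=shop.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    echo "$dir"
}

# True when issuer and subject are the same distinguished name.
is_self_issued() {
    [ "$(openssl x509 -noout -subject_hash -in "$1")" = \
      "$(openssl x509 -noout -issuer_hash -in "$1")" ]
}

# What a browser does: try to chain to a root already in the trust store.
trusted_by_default_store() {
    openssl verify "$1" >/dev/null 2>&1
}

# Verification passes only if the certificate is installed as its own
# trust anchor; this also checks the signature against its own public key.
trusted_when_pinned() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Summarise the trust status of one PEM certificate.
classify() {
    if ! is_self_issued "$1"; then echo "ca-issued"
    elif trusted_by_default_store "$1"; then echo "trusted-root"
    elif trusted_when_pinned "$1"; then echo "self-signed-untrusted"
    else echo "invalid"
    fi
}

demo_dir=$(make_self_signed)
echo "cert.pem: $(classify "$demo_dir/cert.pem")"
rm -rf "$demo_dir"
```

A client that has not explicitly installed the certificate has no way to tell this certificate from one an attacker generated with the same name, which is why browsers show a warning for it.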
If a self-signed SSL certificate is installed on an e-commerce website, users will sense the risk of data and information theft and abandon their shopping, which affects the online business and the owner's reputation as well.
Recently, Google announced that self-signed SSL certificates will not be considered an HTTPS signal. In August 2014, Google announced that websites with HTTPS/SSL would earn a ranking boost in the SERP, and over 1% of queries have been affected by this move. Google found that self-signed certificates do not have worth as an HTTPS ranking signal because of their lower security and trust factor. Finally, it decided to exclude them from the HTTPS ranking signal.
A website that collects users' sensitive and personal information should not install a self-signed SSL certificate. Banking, e-commerce, social media, health care and government sites are among them.