How bad is a self-signed cert?


How bad are you when it comes to verifying a cert? People use a cert from a CA because the browser already trusts the root cert that was used to sign it, so the browser can do the verification. With a self-signed cert, you have to do the verification yourself. If you are the only one accessing the site, it's not that difficult. You have the cert, so you can add it to your browser as trusted.

But if Joe, Anna and Foo also need to access the site, you have to "securely" hand over the cert to them. That's probably still not much of a problem, as you can go and meet them in person. But imagine there are 100 more, or 1000 more, people who need to access your site and you don't even know them. Now you start to see the problem with using a self-signed cert.
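
One way to do the "verify it yourself" step described above, as an added example (not code from the original post): the site owner passes the cert's SHA-256 fingerprint to each visitor over a channel they already trust, and the visitor checks the cert they received against it before trusting it. The function names and the sample PEM blobs are assumptions constructed for illustration; the blobs are not real certificates.

```python
import hashlib
import hmac
import ssl


def fingerprint(pem_cert: str) -> str:
    """SHA-256 over the DER encoding of the cert, as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex, as read out or pasted."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def matches(pem_cert: str, expected_fp: str) -> bool:
    """True only if the cert hashes to the fingerprint received out of band."""
    want = normalize(expected_fp)
    if len(want) != 64:  # reject truncated or mistyped fingerprints
        return False
    return hmac.compare_digest(fingerprint(pem_cert), want)


def trusted_context(pem_cert: str, expected_fp: str) -> ssl.SSLContext:
    """TLS client context whose only trust anchor is this one cert."""
    if not matches(pem_cert, expected_fp):
        raise ValueError("fingerprint mismatch: do not trust this cert")
    # PROTOCOL_TLS_CLIENT enables hostname checking and CERT_REQUIRED,
    # and loads no system CA store.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cadata=pem_cert)  # needs a real certificate
    return ctx


# Constructed stand-ins: these bytes are NOT real certificates, they only
# exercise the hashing and comparison path offline.
SITE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-der-bytes-for-the-site")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-der-bytes-from-someone-else")

if __name__ == "__main__":
    owner_fp = fingerprint(SITE_PEM)  # owner computes this from the cert file
    spoken = ":".join(owner_fp[i:i + 2].upper() for i in range(0, 64, 2))
    print(matches(SITE_PEM, spoken))   # the cert Joe received checks out
    print(matches(OTHER_PEM, spoken))  # a substituted cert does not
```

The check is only as strong as the channel the fingerprint travelled over, which is exactly the part that stops scaling once the visitors are people you have never met.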

DISCUSS (1)

AFAIK, Let’s Encrypt provides free certificates, so there’s really no need to use a self-signed one.

Kamal Mustafa
Python/Django Developer at xoxzo.com.