There’s kind of a rash going around, with people creating and deploying self-signed certificates in all manner of situations.
Stop it. Here’s why.
First, let me openly acknowledge that I get it. Certificate management is a PITA sometimes, especially in organizations that really have a locked-down PKI. And I mean, sheesh, all you want to do is get some encryption going, right?
No. Not right.
Self-signed certificates are useful only in a test-and-pilot environment, and even there they're a poor idea, because they don't accurately test or pilot what you're about to deploy. For one thing, they never exercise your ability to obtain, install and renew real certificates, which is exactly the thing you should be testing and piloting.
Additionally, you need to understand why certificates exist. I know you think you know – encryption! – but you're wrong. Encryption is not why certificates exist. Certificates exist to prove identity: a certificate binds a name to a public key, and a signature from an issuer the client already trusts is what vouches for that binding. Amazon.com having an SSL certificate is not there to encrypt your data; it's there to prove that you're sending sensitive data to the actual Amazon.com, and not to an imposter. The encrypted session is only worth anything once that identity check has passed, because the encryption itself is pointless if the data's going to the wrong person. Identity is why certificates exist.
As a means of proving identity, a self-signed certificate is stupid. It's like having a homemade passport – nobody will care. The identity of Entity A can only be proven to Entity B by means of a third-party verifier, Entity C, whom both A and B already trust. The verifier cannot also be Entity A (“trust me! I am who I assert myself to be!”) because that is dumb. The one narrow exception is when Entity B has been handed that specific certificate's fingerprint out of band and actually checks it on every connection, the way an SSH client checks a known host key; browsers don't do that by default, and what happens in practice is that users see a warning, click through it, and are thereby trained to click through the next one, which may have been supplied by an attacker.
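To put that argument into practice, here is an added PowerShell example of my own, not code from the original post: it connects to a TLS endpoint, pulls the certificate the server presents, and asks Windows whether that certificate chains to a root the local machine already trusts, which is the same decision a browser makes before deciding whether to warn the user. The host names in the usage lines are illustrative assumptions.

```powershell
# Added example, not code from the original post. Reports whether a TLS
# endpoint presents a self-signed certificate, and whether the certificate
# chains to a root this machine trusts. Host names in the usage lines below
# are assumptions.
function Test-ServerCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 443
    )

    # Accept anything at the socket layer so we can inspect the certificate
    # ourselves; the verdict comes from the X509Chain check further down.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }

    $tcp = New-Object System.Net.Sockets.TcpClient($ComputerName, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    try {
        $ssl.AuthenticateAsClient($ComputerName)
        # Copy the presented certificate out before the stream is closed.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        $ssl.Dispose()
        $tcp.Dispose()
    }

    # Build the chain against the machine's trusted roots. Revocation is
    # skipped here so the audit works offline; turn it on for production use.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted  = $chain.Build($cert)
    $problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        ComputerName = $ComputerName
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        # Subject equal to Issuer is the "trust me, I am who I say I am" case.
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        # $true only when the chain ends at a certificate in a Root store on
        # this machine; otherwise Problems typically reads "UntrustedRoot".
        Trusted      = $trusted
        Problems     = $problems
    }
}

# Usage (host names are assumptions): audit one server, or a whole list and
# keep only the ones that would make a browser warn.
Test-ServerCertificate -ComputerName 'pwa.corp.example'
Get-Content .\servers.txt |
    ForEach-Object { Test-ServerCertificate -ComputerName $_ } |
    Where-Object { $_.SelfSigned -or -not $_.Trusted } |
    Format-Table ComputerName, Subject, Issuer, SelfSigned, Trusted, Problems
```

Two columns matter in the output. SelfSigned tells you whether the server is vouching for itself; Trusted tells you whether the certificate nonetheless chains to something in the machine's Trusted Root store. A self-signed certificate that someone has pushed into Trusted Root Certification Authorities by GPO will show SelfSigned = True and Trusted = True, which is its own conversation, because that root can now sign for any name. Note that the function checks chain trust only; it does not verify that the name in the certificate matches the host you connected to, so it tells you whether the issuer is trustworthy, not whether the name is right.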
So let’s say you deploy a shiny new PowerShell Web Access (PWA) server. It refuses to run (rightfully so) without an SSL certificate on its HTTPS binding. But you don’t want to get a real certificate (from a private CA or a commercial one), so you make a self-signed one; the installer even hands you a -UseTestCertificate switch for the purpose, whose own documentation says it is for test environments, which should tell you something. So now, when an administrator connects to the server and types in a Domain Admin password, there is no verification that the PWA server they reached is actually your PWA server, as opposed to an intruder on the path presenting a self-signed certificate of their own. To the browser the two look identical, and the admin has already learned to click past the warning. Oh, but it’ll be an encrypted channel! So, yay, you and the intruder can have a private conversation while they rip off the family jewels. Awesome.
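For contrast, here is what the correct version of that deployment looks like, as an added PowerShell example of my own rather than code from the original post or from the PWA documentation. It assumes a Windows Server 2012-era host, an Active Directory Certificate Services enterprise CA that publishes a template named WebServer on which this server has enroll permission, the host name pwa.corp.example, and a security group named CORP\PWA Admins; all four are illustrative.

```powershell
# Added example, not code from the original post. Deploys PowerShell Web
# Access behind a certificate issued by an enterprise CA instead of the
# self-signed test certificate. Host name, template name and group name are
# assumptions for illustration.
$pwaHost  = 'pwa.corp.example'
$template = 'WebServer'
$adminGrp = 'CORP\PWA Admins'

Install-WindowsFeature -Name WindowsPowerShellWebAccess -IncludeManagementTools

# Deliberately no -UseTestCertificate: that switch is what produces the
# self-signed certificate, and its documentation says test use only.
Install-PswaWebApplication

# Enroll a server-authentication certificate from the enterprise CA into
# the machine store. The CA, not this server, vouches for the name.
$enrollment = Get-Certificate -Template $template -SubjectName "CN=$pwaHost" `
    -DnsName $pwaHost -CertStoreLocation Cert:\LocalMachine\My
if ($enrollment.Status -ne 'Issued') {
    throw "Enrollment did not complete: $($enrollment.Status)"
}
$cert = $enrollment.Certificate

# Sanity checks before binding: the issuer must be someone other than us,
# and Windows must be able to build a trusted chain for SSL server use,
# which is the same check the admin's browser is about to perform.
if ($cert.Subject -eq $cert.Issuer) {
    throw 'Got a self-signed certificate back; stop here.'
}
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $pwaHost -ErrorAction SilentlyContinue)) {
    throw 'Issued certificate does not chain to a trusted root on this host.'
}

# Bind it to the site's HTTPS listener, replacing whatever was there.
Import-Module WebAdministration
if (-not (Get-WebBinding -Name 'Default Web Site' -Protocol https)) {
    New-WebBinding -Name 'Default Web Site' -Protocol https -Port 443
}
if (Test-Path IIS:\SslBindings\0.0.0.0!443) {
    Remove-Item IIS:\SslBindings\0.0.0.0!443
}
New-Item IIS:\SslBindings\0.0.0.0!443 -Value $cert | Out-Null

# Least privilege on the gateway: one named group, one named target, one
# session configuration, rather than the '*' wildcards from the test-lab
# walkthroughs. PWA grants nobody access until a rule like this exists.
Add-PswaAuthorizationRule -UserGroupName $adminGrp -ComputerName $pwaHost `
    -ConfigurationName Microsoft.PowerShell
```

The Test-Certificate call is the part worth copying even if nothing else applies to you: run with -Policy SSL it builds the chain and checks the server-authentication EKU exactly as a client would, so if it fails on the gateway it would have failed in the admin's browser too, and you find that out before anyone is trained to click through a warning. Renewal is the other half of the discipline; a template-issued certificate expires on a schedule, so put its NotAfter date somewhere that will nag you.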
Every time you use a self-signed certificate outside of a very initial and informal testing situation, you are making two clear statements:
- I do not know how this works, nor do I care.
- My organization and I do not possess certain basic IT management skills, which definitely include certificate management, but may also include many other things that others take for granted. Shun us.
So. Stop it. If managing certificates is a pain in your organization, fix that problem. Certificate management is like IP address management – it is a core expectation at this point, and if you don’t know how to do it, you don’t deserve your job (so, you know, find out). If your organization doesn’t do it, they don’t deserve your expertise (so, you know, resume).