Self-signed SSL certificates vs commercial SSL certificates: How Mozilla is killing self-signed certificates

SSL certificates are important for establishing an encrypted connection between a client and a server. Only clients that accept a signed SSL certificate will be able to establish an encrypted connection with the server. Encrypted connections are used by webmasters to build secure websites, like e-commerce websites, where extra protection is necessary to prevent eavesdropping.

An SSL certificate is issued by a certification authority, or certificate authority (CA). There are a few types of certificate authorities:

  • Commercial certificate authorities, who charge for their services.
  • Certificate authorities owned by institutions and governments for their own use.
  • Self-signed and community-driven certificate authorities, which are free of charge.

Every webmaster will probably ask this question: "Where can I get a cheap commercial SSL certificate?"

Why would webmasters want to buy something they can get for free?
Because using a self-signed certificate or a certificate signed by an unapproved (new or non-profit) provider will display a scary warning to users trying to establish an encrypted connection. This results in most users skipping the manual verification and acceptance process, and leaving the website.

Web browsers and FTP clients transparently accept SSL certificates signed by certificate providers who pay to have this functionality enabled in those clients. Most web browsers display a visual cue to indicate to the user that the website they are viewing has a valid SSL certificate signed by an official certificate authority, and that the connection is encrypted.

Commercial signatures on SSL certificates from third-party certificate authorities allow users to quickly verify that the website they are viewing is operated by someone in contact with the person who registered the domain name under which the website operates. Another advantage of commercial certificates is that users see no web browser warning messages and do not have to manually validate and accept the certificate.

Using any type of SSL certificate (commercial, self-signed, or community-driven) offers no guarantee beyond a quick check of the relationship between the domain's owner and the site's operator. A compromised (hacked) website can very well have a valid and officially signed SSL certificate.

Purchasing an SSL certificate signature from a commercial certificate authority is expensive (starting at around $50/year). Some services are offered starting at $14.95/year, and some companies offer a free version (see the updated list of certificate authorities below). Self-signed certificates and community-driven certificates are free. Paying for an SSL certificate is mostly a marketing consideration and is used for building customer trust.

SSL certificate signatures are the first step in establishing an encrypted connection. Accepting the signature on an SSL certificate means the user trusts the credentials listed in it and agrees to establish an encrypted connection with the server. This kind of trust is very relative, and not easily understood by many. For example, I do not see how transparently trusting a commercial third-party certificate authority adds security to a website compared with a self-signed certificate. I can easily see how browser vendors who include Certificate Authorities in their browser store(1) make it more comfortable for users to surf the Web without having to manually check every new SSL certificate they encounter.

The relationship between third-party commercial certificate authorities and browser vendors is creating the need to purchase commercial SSL certificate signatures. I am assuming this certificate authority market was created as a way of making money with this technology, and as in any market it's all about market share. Browser vendors are making SSL certificates a luxury commodity.

Having a warning message for all SSL certificates would be fair, but this is not done at all in reality. Having warning messages only for "untrusted" certificate providers is acceptable, even if those warnings are confusing and scary (it has always been like this as far as I know). But what about dismissing "untrusted" SSL certificates altogether? Is this fair for webmasters, web surfers, and content providers?

Mozilla Firefox 3 kills self-signed SSL certificates. The new Mozilla Firefox 3 web browser is making it impossible to operate a successful website that uses self-signed or community-driven certificates to establish secure and encrypted connections. How is this possible when SSL is free and Open Source, and Mozilla Firefox is free and Open Source too?

Mozilla is blocking equal access to the features of HTTP and SSL. Firefox 3 features a new warning message for self-signed or non-profit certificates. The user is presented with a "Secure Connection Failed" warning page instead of the classic pop-up dialog box. Four clicks are required to bypass this warning and access the encrypted website. This effectively disables websites encrypted with self-signed SSL certificates, as not many Web surfers are willing to spend the extra time to figure out how to bypass this warning page and access the website, if they have not already left the website thinking it just doesn't work. Because of the growing market share of the Mozilla Firefox web browser, webmasters are pretty much forced to buy a commercial SSL certificate. While this certainly profits the commercial certificate authorities, it is not clear how it will help webmasters and web users become more secure.

[Image: Firefox self-signed certificate warning]

Nat Tuck explains in a post (http://www.cs.uml.edu/~ntuck/mozilla/) how this new policy from Mozilla is detrimental to the Web: it limits the number of encrypted connections and undermines the basic principle of equality among web participants.

List of certificate authorities (CA):
Community-driven certificate authority offering free SSL certificates: CAcert
Commercial certificate authorities offering paid and free SSL certificates: StartSSL
Big commercial certificate authorities offering paid SSL certificates: Verisign, Thawte (Verisign owned), GeoTrust (Verisign owned), DigiCert, Comodo, Go Daddy, and Entrust.

Some Domain Name registrars bundle some commercial SSL certificates free of charge for one year, with the purchase or transfer of a domain name.

Updates:
(1) It is important to note that Mozilla does not get paid to add Certificate Authorities to the Firefox root store. I have no information regarding this procedure for other Web browsers. I have no information on the business relationship between Web browser authors and commercial Certificate Authorities. Thus I am retracting the "get paid" statement and replacing it with "include Certificate Authorities in their browser store", which better reflects my current knowledge on the subject. See the Mozilla CA Certificate Policy (Version 1.2): http://www.mozilla.org/projects/security/certs/policy/ See also http://www.webtrust.org. An expensive WebTrust audit (~$75,000 up-front plus ~$10,000 per year) is required for vendors seeking to have their root certificates included in browsers. For the same reasons "and the web browser vendors" is retracted.

A response from a Mozilla interface designer, who fails to explain why the change in UI is better for security or anything else: http://blog.johnath.com/2008/08/05/ssl-question-corner/

Webmaster Mike Belshe takes Facebook's SSL certificate validation as an example to illustrate SSL's speed shortcomings, and the changes required to make it better: http://www.belshe.com/certificate-validation-example-facebook

Trusted third party (TTP) anecdotes:

◇ Hackers managed to create fake SSL certificates for google.com, yahoo.com, mozilla.com, and live.com by compromising a Comodo SSL reseller. The attacks were focused on gathering user credentials. Although discovered on March 16th, the security breach was reported on March 23rd to allow browser vendors to issue security patches. https://blog.torproject.org/blog/detecting-certificate-authority-comprom...

◇ Certigna SSL Certificate authority archived their test SSL certificate and private key in public. Certigna had to remove the files and pacify their customers after the news spread.

◇ A fraudulent digital certificate to *.google.com was issued by *.ego.gov.tr, one of the two organizations who were mistakenly issued intermediate CA certificates by TURKTRUST Inc.

Imagine you are on a wireless connection at a coffee shop and would like to access a secure site. The owner of the coffee shop, Mallory, would like to monitor your traffic. This is terrible! Whatever will you do? Ah, we have SSL. This important website you are connecting to will create a self-signed certificate and you can make an SSL connection. All you need to do is connect to the site, click through the "scary" warning, and all is safe.

But wait. What was involved in creating this self-signed certificate? A copy of openssl and a webserver. Hmm. What if Mallory sets up a transparent web proxy along with his own self-signed certificate? Now you get the same web browser warning but are routing all of your traffic through Mallory's proxy. This is exactly as bad as using no SSL at all, but now you *think* you're safe and will blindly give up your oh-so-precious information to Mallory.

The self-signed certificate warning is not an imaginary extortion scheme. It's the *only* way we have to ensure secure end-to-end connections. Let me repeat: A self-signed certificate is worse than useless for web security.

@Adam

You are basing your argument on your own knowledge. How many people do you think know what SSL is? How many people know the implications and security issues that SSL deals with, and understand its limitations? How many people even *look* for that secure lock before entering their credit card information? And now remember how much crapware is installed on the average PC. People don't know this stuff, and they don't think:

"Oh I am using SSL, that means I am safe from man-in-the-middle attacks"

There is absolutely no problem with the browser indicating a secure connection (for those who care) for a properly signed certificate, and indicating a less secure connection for a self-signed certificate. Look at it this way, in rising order of security:

No encryption
Self-signed certificate
Certificate signed by a CA

Having a self-signed certificate is more secure, since a man-in-the-middle attack requires significantly more effort than simply sniffing the traffic that happens to pass through your routing node.

So while self-signed certificates, as you rightly pointed out, are not nearly as secure as those signed by a CA, they don't do any harm either, which is why it makes no sense to have Firefox and friends act this way.

I think self-signed SSL Certificates can do harm. If it is possible to set up a man-in-the-middle attack then why should the browser reassure users that the connection is secure? Even if the chance of an attack is remote, the browser shouldn't pretend that the threat isn't there.

I can sniff self-signed and CA-issued SSL (128 bit) based connections. All SSL are the same, no need to wonder. American idiots doing shit and other American idiots always wondering why. You know why? Cuz you're all stupid Americans, kapito

*CACKLE* Well said.

What I think is:
Having a self-signed certificate from your own CA is the most secure. The problem is that most users don't care about certificates; they just think "wow, that's really secure". BUT: If any certificate's path can be resolved to a commercial root CA, the user does not even think about the destination trust. So if the browser says "no, I don't trust this certificate, you're on your own", it's up to YOU to say "yes, but I do". The very best would be: The browser says "I don't trust that one, what do you think?" You would say: "Yes, here I've got the public key (insert your USB stick then)" and the browser would say "ah, you know each other, well....". Understand what I mean? For sure, this would not be a solution for web shop sites, but I think for banking sites it would be a true alternative.. isn't it?

I like Adam's comments & agree with his statements. What is PKI after all? PRIVATE KEY.
Using either SSL or S-HTTP is an e-commerce transaction security method for confidentiality and for nonrepudiation. Like he stated, why still use "X.509" certs at all if nobody is going to look and notice whether they're on a secure transaction site or the correct channels using encryption to begin with. All that junk the ignorant people have on their computer is more to blame for intrusions, if they knew what they were doing in the first place.

Thanks for posting, I found the topic useful & helpful

Yes,
I agree with you.

Great post. I think one should never trust a site with a self-signed certificate. Nowadays fake self-signed certificates are created which are cached in IE. So, better to go for a validly certified site. Thanks

SSL certificates are good for website security and they should be commercial, like VeriSign, Thawte, Rapid SSL or any other. Self-signed SSL certificates are not very secure and they may harm the website or website data. Good information is shared about SSL certificates in this article.