HTTPS self-signed vs. company issued

[moose-en-a-gant]

I'm just wondering how the self-signed certificates compare to company issued ones like by GoDaddy

 

Where do you notice a difference, if you "self-sign" are you in essence "faking" a security? Or what?

 

I mean what makes an HTTPS certificate given out by GoDaddy "legit" ?

 

I may need more SSL certificates and I'm not sure if I want to buy them for like upwardly approximated at $100.00 each

[CroNiX]

Self-signed certs are secure. They are just certs. The difference is they aren't VERIFIED by a 3rd party to ensure you (the website) are who you say you are. So modern browsers will yell about that. When getting a cert from godaddy or other 3rd party, they certify who you are and has been verified by a trusted source.

 

http://webdesign.about.com/od/ssl/a/signed_v_selfsi.htm

[moose-en-a-gant]

Do you happen to know if this applies to websockets? As in, if I use a self-signed certificate, will that take care of security issues concerning websocket connection?

 

Thanks for your response.

[CroNiX]

I really don't know. If it's coming to/from the browser than most likely. I haven't used sockets like that so am really unsure. It does affect things like CURL requests, if the cert is self signed. You have to set extra options to ignore that, so it's entirely possible sockets might have something similar.

[moose-en-a-gant]

Okay thank you