SSL certificates: self-signed vs. CA
Wed 23 December 2015 by Döring, NilsEvery now and then I decide to create a website. Since I like my visitors to have their privacy protected, using SSL encryption seems the right way. Activating SSL is no hassle. And creating the necessary certificate is non, either. Within minutes one could create a fully encrypted, save and secure website, which protects its visitors privacy and data. So why should there be a problem? Well, the problem is trust. Or, more accurate, the browsers display of what they think is trust.
So, what is trust then?
I do trust what my browser shows to me, to be my own site. I can ping the server, I can trace the call from my browser to the server and of course, I can check the fingerprint of my own SSL certificate. Thats is fine for me. But how can you check, whether you have reached the right site or not. You can also check the fingerprint of the certificate. But you need a way to know which fingerprint would be the correct one. Of course, I could print the fingerprint on the website itself, as I do with the fingerprint of my PGP key. So would you trust this fingerprint? I certainly won’t and your browser is on my side.
What is the risk?
The risk is to fall in a trap an impostor might create for you. The check for the right certificate and therefore the right site should prevent, that anyone can show you his website instead of the website you are looking for. This is called a Man-In-The-Middle attack, which means someone intercepts your request for one site and delivers his site instead. If you are logging in to such an imposing website, the attacker has your username and password. And since you are viewing the impostors site, he can copy the original site and changing the identifying information to completely make his site look like the site you want to reach. So you can not trust anything printed on the sites you are seeing.
SSL is used to encrypt your data you are sending over the internet and the certificate is also used to ensure you of my or better my servers identity. Therefore you can check my SSL certificates fingerprint. But only if you know which one is the correct fingerprint, of course. And since you can not trust the information on the sites itself, you need another mechanism to verify my identity.
Certificate Authorities: the solution?
Certificate Authorites (CA) are one possible solution for this problem. They provide a list of certificates which they use to sign your self-created certificate. You can check the signature provided by my certificate and verify if the CA has really signed my certificate. So, if you are trusting the CA, you can trust me, basically. This means you have to trust my preferred CA to carefully check if the certificate is the correct one. And since my sites are not the only ones, you are reading, you would have to trust all the CAs the sites you read are using.
This surely could take a lot or work. Therefore your browser is helping you. Or more accurately, your browsers vendor and programmers. This means for example Mozilla if you are using Firefox or Google if you are using Chrome or an Android smart phone. They choose, hopefully very carefully, which CAs you could trust. All CAs which are selected by these companies are fully trusted to be able to check and guarantee for the identities of the certificates signed. So, in the end you are trusting the vendors to make the right decision to trust the right CAs to sign the right certificates you can trust.
And the world would be perfect, if this was all it would take. But there is no mechanism to ensure that only one CA can sign your certificates. Every CA can sign every certificate for every website. And even worse, every CA can sign other certificates to be CAs. If there exists only one chain of certificates and CAs with only one trusted CA in your browser, then you trust the sites certificate and with that, you trust the website. Therefore the complete system is just a stable and secure as the weakest CA is. If one CA is breached and used to sign malicious certificates, these certificates are trusted by all the browsers trusting the breached CA. One breached CA can undermine the complete certificate system used in the web.
Are CAs helping?
Well, in the end, that is you to decide. CAs provide a simple mechanism, although this mechanism is flawed. It works for a lot of people on the planet. That mechanism helps to identify the websites within a certain margin of error. If you are in a highly risky situation and the identity of the website is vital to you, you might consider not only to trust on the green icons in the address bar, by which the browsers signal you that there is a valid trust chain.
If your situation is not risky and not vital, you could always fall back to something called TOFU, which means Trust On First Use. You assume, the certificate you see for the first visit to be the correct one and track the certificate along future visits. If it changes unexpectedly, without notices from the websites author or before it was due to be replaced, you have to be careful. To check this, I use the Certificate Patrol plugin for my Firefox browser. It tracks the changes in certificates and their signing CAs. This helps to determine if something changes or behaves suspiciously.
Unfortunally browsers present a warning if they come across a certificate, they can not check. This scares of a lot of visitors. On the other hand, the green painted address bar they provide if the websites owner buys an expensive certificate, provides a false sense of security. These are simple mechanisms, but I think they are too simplistic. They don’t give the visitor a hint to evaluate the actual level of security the certificate really offers and may lure them to think they are secure as soon as they see a green painted address bar.
In the end …
In the end its the websites creators decision, which mechanism to provide. If I want to get a lot of visitors to my website, it would be certainly helpful, not to have any warnings popping up, when they visit my site. This holds basically for all public websites, in my opinion. There is nothing lost to provide a certificate, which is signed by a well known CA. This helps a lot of people to trust your site.
If you are providing a website with a need for security, you should provide a second way to help your visitors to check your certificates. Some banks print their fingerprints on letters they send as a second factor for authentification.
Overall certificates are a stable and widely implemented security feature. It offers a mean to check the identity of a site, but this requires the visitor to question the correctness and legitimacy of the trust chain. This is very difficult to asses. Therefore the legitimacy is hardly revisable and might lure you in a false sense of security.
For my website I am using at the moment, in August 2015, a self-signed certificate. I am currently planning to wait for letsencrypt.org to go public and get a certificate from them, since it will be widely deployed in many browsers and will be, I hope, free of charge. But, of course, I will post a notice, before changing the certificate.