I don't trust certificate authorities, so I'm using a self-signed certificate on my server. The server provides both a website as well as other services.
Most modern SSL-capable software, upon encountering SSL, checks if the certificate is given by a CA and if not throws up a very scary warning. Contrary to Mozilla's logic, I believe that in my case a self-signed certificate is actually more secure, because it avoids the risk of malicious or incompetent CAs.
But let's say I want to give a friend access to my website or my server. Maybe I have a few photos on it from my trip that I want to show them: if I just give them the secure URI, their computer will also throw up the usual warnings. But since, unlike me, they weren't the ones who configured everything, how will they know that Everything Is Fine™ (unless the fingerprint doesn't match)?
I could have a little notice in the HTTP version of my page explaining the error, and how to manually verify the fingerprint and make sure that Everything Is Fine. But:
- If the connection was compromised, the attacker could just alter this notice to say "nah bro self-signed certs are totally fine, trust me".
- If the user goes straight to the HTTPS URI, how will they know to check the HTTP version?
- If the user uses a non-web service accessed through its own program, how will they even know about the notice?
- If the user doesn't know how SSL works, they'll just believe their browser and close the site, instead of investigating why there is a self-signed cert (since unfortunately the documentation/UI authors' attitude seems to have been "there's no good reason ever").
So how can I ensure that when I send a user to my server, and they are confronted with the "self-signed certificate" warning, they are able to decide for themselves whether to trust it or not, instead of having to believe the skewed picture that their software paints for them?
I don't want to tell users to "just ignore the warning, it's fine", because not only does this reinforce a bad habit in general (what if their CA-verified bank gets compromised one day and presents a self-signed cert?) but also there would be no way for them to tell if my server is compromised.
Also worth mentioning is that the certificates are not forever, and eventually expire, so the user must be able to tell the difference between suspicious change of cert (say well before the planned expiration of the current one), suspicious change of cert that is made to look non-suspicious (a MITM executed just when I was scheduled to renew my cert), legitimate change of cert (when my cert expires and I issue a fresh one), and legitimate change that happens to look suspicious (I decided to issue a new cert way ahead of schedule for whatever reason).
We can assume that:
- I have few users, so scalability is not so important. For instance, the users emailing me or calling my phone number to verify the certificate are perfectly valid solutions.
- The users trust me and can communicate with me through a secure channel. For example, they can talk to me in person or send me encrypted email.
- The users are reasonably intelligent, and can be expected to understand basic security concepts like "if the certificate changes unexpectedly, the site may have been compromised".
My main concern is dealing with less technical users, who would be confused when they see the self-signed certificate warning.
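One way to turn the four cases in the question (suspicious early change, suspicious change timed to renewal, legitimate renewal, legitimate early change) into a mechanical check is trust-on-first-use pinning with an explicit rotation policy. The following is an added example, not code from the question or from any browser; it assumes the operator tells the friend, over the trusted channel the question already posits, the SHA-256 fingerprint of the current certificate, its planned expiry date and, ahead of a renewal, the fingerprint of the replacement. The certificate byte strings used are constructed placeholders standing in for DER-encoded certificates; any real DER works the same way. The `Pin`, `evaluate` and `confirm_rotation` names are hypothetical.

```python
"""Pin-and-rotate check for a self-signed certificate (added example)."""
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, the form a browser warning shows
    and `openssl x509 -fingerprint -sha256` prints."""
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, 64, 2))


@dataclass
class Pin:
    """What the client stores after verifying a certificate out of band."""
    fingerprint: str                     # confirmed with the operator
    not_after: date                      # planned expiry, announced by the operator
    successor: Optional[str] = None      # pre-announced replacement fingerprint
    renewal_window: timedelta = timedelta(days=30)


# Verdicts: one per case in the question, plus the stale-pin case.
OK = "ok: certificate matches the pin"
ANNOUNCED_ROTATION = "ok: matches the pre-announced replacement; re-pin it"
UNANNOUNCED_NEAR_EXPIRY = ("blocked: unannounced change close to the planned expiry; "
                           "a renewal and a MITM timed to it look identical, confirm out of band")
UNANNOUNCED_EARLY = ("blocked: unannounced change long before the planned expiry; "
                     "treat as compromise until confirmed out of band")
PIN_EXPIRED = "blocked: pinned certificate is past its planned expiry; ask for the new fingerprint"


def evaluate(pin: Pin, presented_der: bytes, today: date) -> str:
    """Classify the presented certificate against the stored pin.

    Timing only changes the wording shown to the user: an unannounced
    fingerprint is never accepted on its own, because a MITM scheduled for
    the renewal date is exactly the case timing cannot distinguish.
    """
    fp = sha256_fingerprint(presented_der)
    if fp == pin.fingerprint:
        return PIN_EXPIRED if today > pin.not_after else OK
    if pin.successor is not None and fp == pin.successor:
        return ANNOUNCED_ROTATION
    if pin.not_after - today <= pin.renewal_window:
        return UNANNOUNCED_NEAR_EXPIRY
    return UNANNOUNCED_EARLY


def confirm_rotation(pin: Pin, presented_der: bytes, new_not_after: date) -> Pin:
    """Called only after the user has checked the new fingerprint with the
    operator by phone, email or in person; returns the replacement pin."""
    return Pin(sha256_fingerprint(presented_der), new_not_after)


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates, not real certificates.
    OLD_CERT = b"constructed: old self-signed certificate"
    NEW_CERT = b"constructed: new self-signed certificate"
    pin = Pin(sha256_fingerprint(OLD_CERT), not_after=date(2024, 6, 30))
    print(evaluate(pin, OLD_CERT, date(2024, 3, 1)))   # ok
    print(evaluate(pin, NEW_CERT, date(2024, 3, 1)))   # blocked, early change
    print(evaluate(pin, NEW_CERT, date(2024, 6, 20)))  # blocked, near expiry
    # Operator pre-announces the successor over the secure channel:
    pin.successor = sha256_fingerprint(NEW_CERT)
    print(evaluate(pin, NEW_CERT, date(2024, 1, 1)))   # ok, announced rotation
```

The design choice worth noting is that `evaluate` never accepts an unknown fingerprint by itself; the near-expiry verdict only changes the explanation the user sees, while the decision to re-pin is always made through `confirm_rotation` after the out-of-band check. Pre-announcing the successor fingerprint is what makes an early or scheduled renewal pass without any warning at all.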