How to create a self-signed certificate (openSSL)

A self-signed certificate is a certificate that is signed by the person creating it rather than a trusted certificate authority.

Self-signed certificates or certificates issued by a private CA are not appropriate for use with the general public. However, self-signed certificates can have their place:

- Self-signed certificates can enable the same level of encryption as a $1700 certificate signed by a trusted authority.
- When clients only have to go through a local Intranet to get to the server, there is virtually no chance of a man-in-the-middle attack.
- There is no need to spend extra cash buying a trusted certificate when you are just developing or testing an application.
- If you have a small personal site that transfers non-critical information, there is very little incentive for someone to attack the connections.

Limit the validity period: it should be as short as you can handle from the maintenance standpoint.
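The following shell functions are an added example (not from the original page) of creating a self-signed certificate with OpenSSL and checking the two properties discussed above: that the certificate really is self-signed (issuer equals subject) and that its validity period stays short. The file names, the common name and the 30-day lifetime are assumptions chosen for the example.

```shell
#!/bin/sh
# Create a self-signed certificate and private key with OpenSSL.
# Usage: make_selfsigned <basename> <common-name> <days>
# The hostname and lifetime passed in are example values, not fixed defaults.
make_selfsigned() {
    base="$1"; cn="$2"; days="$3"
    # -x509 tells openssl to emit a self-signed certificate instead of a CSR.
    # -newkey rsa:2048 generates a fresh key; -nodes leaves it unencrypted,
    # which is acceptable on a dev/test host if the key file is locked down.
    # -days is the validity period: keep it as short as maintenance allows.
    # -addext adds a subjectAltName, which modern clients require (OpenSSL 1.1.1+).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -keyout "$base.key" -out "$base.crt" \
        -days "$days" \
        -subj "/CN=$cn" \
        -addext "subjectAltName=DNS:$cn" 2>/dev/null || return 1
    # Only the owner should be able to read the private key.
    chmod 600 "$base.key"
}

# Print the certificate subject in RFC 2253 form, e.g. "CN=dev.example.test".
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//'
}

# Succeed (exit 0) only if the certificate is still valid in N seconds from now.
# Useful for a cron job that warns before a short-lived certificate expires.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2"
}

# A certificate is self-signed when its issuer and subject are the same name.
cert_is_selfsigned() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253)
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}
```

Run `make_selfsigned ./dev dev.example.test 30` to produce `dev.key` and `dev.crt`, then `cert_valid_for dev.crt 604800` to check whether a week of validity remains.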