How to obtain an HTTPS self-signed certificate? Deploying an HTTPS self-signed certificate on a website
An HTTPS self-signed certificate is an SSL certificate that you sign yourself; it is suitable only for internal use or testing. Using a self-signed SSL certificate on a website carries great risks:

One: self-signed SSL certificates are the most likely to be forged and used by fraudulent websites.

Self-signed SSL certificates can be issued at will, without any supervision. You can issue one yourself, and so can anyone else. If your website uses a self-signed SSL certificate, hackers can also forge a self-signed certificate that looks identical and use it on phishing websites, for example a fake online banking website presenting the same certificate details!

Two: if you deploy a website with a self-signed SSL certificate, the browser will constantly pop up warnings.

The browser does not trust self-signed SSL certificates. When a user visits a website that deploys one, the browser keeps popping up security warnings, which greatly affects the user experience.

Three: self-signed SSL certificates are the most vulnerable to SSL man-in-the-middle attacks.

A website that uses a self-signed SSL certificate usually tells its users to click "Continue to browse" when the browser shows a warning. Users gradually develop the habit of ignoring browser warnings, which creates an opportunity for man-in-the-middle attacks and makes the website more vulnerable to them.

In a typical SSL man-in-the-middle attack, the attacker is on the same LAN as the user or the server. The attacker can intercept the user's data packets, including SSL packets, and present a fake server SSL certificate to the user, thereby intercepting the confidential information the user enters. When the website's certificate is replaced by a fake SSL certificate, the browser warns the user that the certificate is not trustworthy and asks the user to confirm whether to trust it. Users who habitually click "continue browsing" make the man-in-the-middle attack easy to carry out.

Four: self-signed SSL certificates have no accessible revocation list.

This is also a problem common to all self-signed SSL certificates. Making an SSL certificate is not difficult; with OpenSSL it can be done in a few minutes. Making SSL certificates really work is not so easy. For an SSL certificate to operate normally, one necessary function is that the browser can check in real time whether the certificate has expired or been revoked, so the certificate must have a certificate revocation list that the browser can access. If the browser cannot check the revocation status in real time, then once the certificate is lost or stolen it cannot be revoked; it is very likely to be used for illegal purposes, and users will suffer losses. In addition, the browser will display the security warning "revocation list is unavailable, do you want to continue?", which greatly extends the browser's processing time and slows down page loading.
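
Added example, not part of the original article: a shell check for the points made under One and Four, assuming the `openssl` command-line tool is installed. It issues two self-signed certificates with the same placeholder name (`intranet.example.test`, constructed for this example) and shows that only a fingerprint recorded out of band tells them apart, and that neither names a CRL or OCSP endpoint.

```sh
#!/bin/sh
# Added example (constructed): hostname and file names are placeholders.
work=$(mktemp -d)

# Issue a self-signed certificate; $1 is the output file prefix.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=intranet.example.test" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

subject()     { openssl x509 -in "$1" -noout -subject; }
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# True when issuer equals subject and the signature verifies with the
# certificate's own public key.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when the certificate names a CRL or OCSP endpoint a client could query.
has_revocation_pointer() {
  openssl x509 -in "$1" -noout -text | grep -Eq 'CRL Distribution Points|OCSP'
}

# True only when the presented certificate matches the fingerprint on record.
matches_pin() { [ "$(fingerprint "$1")" = "$2" ]; }

make_cert "$work/site"        # the certificate the site owner issued
make_cert "$work/lookalike"   # a second certificate issued with the same name
pin=$(fingerprint "$work/site.pem")   # recorded out of band by the owner

for c in site lookalike; do
  f="$work/$c.pem"
  printf '%s: %s\n' "$c" "$(subject "$f")"
  is_self_signed "$f" && echo "  self-signed: yes"
  has_revocation_pointer "$f" || echo "  revocation endpoint: none"
  if matches_pin "$f" "$pin"; then echo "  pin: match"; else echo "  pin: MISMATCH"; fi
done
```

Both certificates print the same subject, so the name alone proves nothing; for internal or test use, distribute the fingerprint (or the certificate itself) to clients through a trusted channel instead of asking users to click through the warning.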