First, it is used by "people with a will".

In fact, "a willing mind" refers to a hacker. Self-signed SSL certificates can be issued by themselves, so others can also issue them. Hackers take advantage of their random distribution, and they can forge an identical self-service visa book and install it on phishing websites in minutes, so that visitors can't tell the difference between true and false.

Second, the browser will pop up a warning and be vulnerable to attacks.

As mentioned earlier, browsers do not trust self-signed SSL certificates. Even if the self-signed SSL certificate is installed on the website, the browser will pop up warnings when users visit, which greatly reduces the user experience. Because it is not verified and issued by CA, CA can't identify the signer and won't trust it, so the private key is useless, and the security of the website will be greatly reduced, thus giving attackers an opportunity.

Third, it is easier to install than to undo.

The self-signed SSL certificate has no accessible revocation list, so it does not have the status that the browser can check the certificate in real time. Once the certificate is lost or stolen and cannot be revoked, it is likely to be used for illegal purposes, causing losses to users. At the same time, the browser will also send out "revocation list is unavailable, do you want to continue?" Warning not only slows down the browsing speed of web pages, but also greatly reduces the trust of visitors to the website.

Fourth, the longer the validity period, the easier it is to be cracked.

The validity period of self-signed SSL certificates is extremely long, ranging from several years to decades, and can be issued as many years as you want. SSL certificates issued by trusted CA institutions will not be valid for more than 2 years, because the longer the time, the easier it is to be cracked by hackers. So the long validity period is one of its disadvantages.