A self signed certificate is a certificate that is signed by the person creating it rather than a trusted certificate authority. Free self signed certificates can enable the same level of encryption as a $1500 certificate signed by a trusted authority, but there are two major drawbacks: a visitor's connection could be hijacked allowing an attacker view all the data sent (thus defeating the purpose of encrypting the connection) and the certificate cannot be revoked like a trusted certificate can.

Self-signed certificates aren't trusted by browsers because they are generated by your server, not by a CA. However, self signed certificates have their place:

  • An Intranet. When clients only have to go through a local Intranet to get to the server, there is virtually no chance of a man-in-the-middle attack.
  • A development server. There is no need to spend extra cash buying a trusted certificate when you are just developing or testing an application.
  • Personal sites with few visitors. If you have a small personal site that transfers non-critical information, there is very little incentive for someone to attack the connections.

Just keep in mind that visitors will see a warning in their browsers when connecting to an server that uses a self signed certificate until it is permanently stored in their certificate store.