Quora User. Been doing it for the past 15 years.
Certificates can be generated and the one you generate is just as valid as the one you will pay hundreds or thousands of dollars for. However the issue is browser support. Authoritative sources like Verisign have their root certificates pre-approved by major browser vendors.
When you buy a certificate from authoritative sources they sign your certificate with their root certificate making your certificate trusted by browsers, as well. It's trust by delegation.
The practical benefit of this is that if you self-sign your certificate a web-client (like a web-browser or e-mail client) will warn end-users with a popup, since the web-client does not know if your self-signed certificate can be truested. If you buy certificate from a source that the web-client knows, however, there will be no popup because the authoritative company (e.g. Verisign)
vouched for you by signing your certificate.
When you "buy" a certificate, it's very important to understand the level of the acceptance of their root certificates, for your target web clients. You may end up buying some cheap certificate from some company that is not trusted by your target clients anyway and it will be wasted money. Verisign certificates are the most expensive because they are trusted by the largest number of clients. Thawte certificates have very good market penetration as well and are cheaper (esp. for wildcard domains).
Popups can be very annoying and unprofessional, if you are planning to use https connection for something serious. If you are just playing with it and testing something - there's no need to spend good money on a certificate, you can easily generate one on a Linux/Unix box.
450 views • Written 242w ago • Not for Reproduction