An SSL certificate is required to allow a web application to serve HTTPS traffic. Usually, a self-signed SSL certificate is enough to implement HTTPS.
Modern browsers present an error, pointing out to the user that the SSL certificate is not trusted (because it is not in the set of trusted root certificates on the machine).
Here we are going to discuss why we get a warning or error in our web-browser when trying to access server or website via the self-signed SSL certificate while using a secure connection.
Self-signed SSL warning or errors
When you are trying to access a service such as WHM on your server, over the SSL (Secure Socket Layer) protocol, the server has to identify itself with a SSL certificate to the web-browser.
In order for web-browsers to trust the certificate that the server has presented, the SSL certificate must be issued by a valid Certificate Authority (CA).
By default the SSL certificate that would be configured on your server would be a self-signed one, essentially meaning that it has not been issued by a CA, but instead your own server has signed the certificate as being valid.
This works perfectly fine for encrypting data, but it will present you with an error or warning in your web-browser when trying to access the secure content. Below are examples of this from popular web-browsers:
Click on Advanced, then Proceed to example.com (unsafe) to bypass SSL warning in Chrome.
Click on I Understand the Risks, then click on Add Exception….
Next click on Get Certificate, and finally Confirm Security Exception to bypass SSL warning in FireFox.
Click on Continue to this website (not recommended) to bypass SSL warning in Internet Explorer.
This warning is simply letting you know that the SSL certificate was self-signed. In the case of accessing your own server this isn’t a problem at all, and you can simply tell your web-browser to accept the self-signed SSL certificate and continue.
Where you would typically take caution on these types of errors would be if you were accessing your bank or a credit card’s website, as that could be an indication your secure data isn’t properly going to the right server.