Self Signed vs purchased Cert

Question

Hi, 
 A quick question for the experienced ones. What are the advantages when using a proper cert instead of the self signed one Other than the warning you get in browser when going to the fw URL? 
 another related question, will a purchased cert be able to intercept ssl traffic without having to install a cert on clients? i dont think so but wanted to double check as i think it has to be a verified root or intermediate cert which is something not a normal user/business can obtain

KingChris · Accepted Answer

Hi Moe-Ca 
 The advantages of using a purchased certificate is the fact that you wont have to install the self-signed certificate or private CA certificate on every device that needs to connect. 
 Some AV software will prevent you from connecting to a site with an invalid certificate. 
 To answer your other question, no you cannot purchase a certificate that acts as a signing certificate. This would make it easy for anyone to setup a MiTM attack. 
 Thanks!

Michael Dunn · Answer

Try this KB as a backgrounder: 
 https://community.sophos.com/kb/en-us/132997