SSL issued by self?

[Gibberish]

I am developing a site for a client and time has come for the client to get me info to install the SSL. I suggested going through godaddy since the client has an account through them.

They had their host set up an SSL, which was created through SSL manager in cPanel. The thing that has me wondering is that they are not using any certifying authority that I can see. If I go to the site and check the cert info (click on the lock icon in the browser) I get this:

Issued for: www.clientssite.com
Issued by: www.clientssite.com

I have never not gone through a certifying authority. Usually the Issued by is Verisign, geoTrust, godaddy. Etc.

Is this secure or is it just pretending to be? I would like to voice my opinon on this topic but have not seen this situation before.

[Gibberish]

After some more reading I find that anyone can issue an SSL with the right tools.

Though it will give a warning to the user everytime they are directed to a https page unless the Issued by is a certifying authority. Which is not good because many people will be scared off by this and the site has the high probability to lose users.

[wwb_99]

On a technical level, any SSL certificate is as secure as any other SSL cert of a similar key size. One could argue that self-issued SSL is far and away most secure, since you should trust yourself, no? Self-issued SSL is very handy for a few things, such as intranet applications or development work.

That said, I would go with a publicly recognized authority for my site for the reason you state. Unless it is just forcing the admin area through the SSL.

[guru-host]

Is this secure or is it just pretending to be?

This is a good question.
this article to get an idea about authorities.