How to trust my own self-signed SSL cert?

I have a domain that I want to have webmail on, and I want it to be secure. I'm the only one who uses this site, yet I still want it to be secure.

I can't afford to, and I don't think it makes sense to, pay a CA to sign my cert.

I have SSL working at the moment with my self-signed cert... but I want to know if it is enough.

If someone generates a self signed cert with the same info as my certificate, is there any way I can tell, short of memorizing the serial number or something?

Solution 1:

If you create your own certificate, generated from your own Certificate Authority, you can configure your browser of choice to trust that CA. That way it will trust the certificate you created from that CA. A random person creating a certificate with identical information to yours should cause your browser to throw SSL validation failure errors, since that certificate would not be signed by a CA you trust.

Solution 2:

If you are the only one to use the domain, then a self-signed certificate is sufficient. Creating your own certificate means generating your own CA private key. As long as you can keep this private key secure, you then don't have to worry about anyone forging certificates. Without this private key it's impossible for anyone to generate a certificate with the same public key, and you will be able to tell by comparing the public keys.