This post covers the advantages and disadvantages of using self-signed certificates.
Self-signed certificates are usually created automatically during the installation of server-side applications (e.g. Exchange 2010, SCOM 2007 R2).
With self-signed certificates, no PKI (Public Key Infrastructure) needs to be deployed before or after the server-side applications are deployed. However, using self-signed certificates has its advantages and disadvantages.
Advantages:
1. No PKI (Public Key Infrastructure) is needed.
2. Automatic deployment (self-signed certificates are usually created automatically during the installation of the server-side applications).
Disadvantages:
1. The certificates aren't trusted by other applications and operating systems. This may lead to authentication errors and similar problems.
Note: To overcome this limitation, some IT staff add the self-signed certificates to the Trusted Root Certification Authorities store. However, this workaround may lead to additional time needed for management and troubleshooting.
2. The lifetime of a self-signed certificate is usually 1 year. Before the year ends, the certificate may need to be renewed or replaced.
3. Self-signed certificates may use weak hash and cipher algorithms. Because of this, the security level they provide may not satisfy the current security policy.
4. No support for advanced PKI (Public Key Infrastructure) functions (e.g. online checking of the revocation list).
5. Most of the advanced features of server-side applications require a PKI (Public Key Infrastructure) to be implemented. Because of this, the advantages of self-signed certificates can't be used.
From my point of view, a PKI (Public Key Infrastructure) must be deployed as a prerequisite to any installation of enterprise server-side applications. However, self-signed certificates can be used in limited scenarios (e.g. installation of a single Exchange 2010 server in the organization).
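
To check a server against disadvantages 2 and 3 and the Trusted Root workaround in the note above, the following PowerShell inventory can be run on it. This is an added example, not part of the original post. It assumes PowerShell 3.0 or later with .NET Framework 4.6 or later, and the 60-day warning window and the "weak" thresholds (MD5/SHA-1 signatures, RSA keys under 2048 bits) are assumptions to replace with your own security policy.

```powershell
# Added example (not from the original post): inventory self-signed certificates
# in the computer's Personal store and flag expiry, weak crypto and root trust.

$warnDays = 60   # assumption: how many days ahead to warn about expiry

# Thumbprints already placed in Trusted Root Certification Authorities
# (the workaround described in the note under disadvantage 1).
$rootThumbprints = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Select-Object -ExpandProperty Thumbprint

Get-ChildItem -Path Cert:\LocalMachine\My |
    # Heuristic: subject equal to issuer means the certificate is self-issued.
    Where-Object { $_.Subject -eq $_.Issuer } |
    ForEach-Object {
        # RSA public key size; $null when the certificate does not use an RSA key.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($_)
        $keyBits = if ($rsa) { $rsa.KeySize } else { $null }

        $sigAlg   = $_.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA, sha256RSA
        $daysLeft = [math]::Floor(($_.NotAfter - (Get-Date)).TotalDays)

        [pscustomobject]@{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            DaysLeft      = $daysLeft
            ExpiringSoon  = $daysLeft -le $warnDays
            SignatureAlg  = $sigAlg
            WeakSignature = $sigAlg -match 'md5|sha1'     # assumed policy threshold
            RsaKeyBits    = $keyBits
            WeakKey       = ($null -ne $keyBits) -and ($keyBits -lt 2048)  # assumed threshold
            InTrustedRoot = $rootThumbprints -contains $_.Thumbprint
        }
    } |
    Sort-Object -Property DaysLeft |
    Format-Table -AutoSize
```

Rows with `InTrustedRoot` set to `True` are certificates that were manually trusted on this machine and need to be tracked when they are renewed or replaced.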