as for avoiding the "high cost of 'real' SSL certs", they are only really expensive if you buy them from the wrong place. you can get 'real' ssl certs for <$100 individually, and if you are a company that needs a lot of them you can get them in quantity for <$50 (you also don't have to get certs that expire after one year either)
the fact that some people think it's necessary to pay $900 per year for a cert is a testimate to stupidity and marketing.
and frankly if you consider $50 or $100 too expensive then I question if what you are protecting is worth bothering with SSL in the first place.
Self signed certs are not a problem if you use them properly and have the users tell their browsers to install it as a valid cert, but just using them without giving the users a way to do this and expecting them to click through the cert warning is bad for everyone and provides little security to your users.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds