3
votes

I am under the impression that self-signed certificates pose a risk of man-in-the-middle attacks, as the client can be presented with a different self-signed certificate by the man in the middle. My question is as follows.

If I use a self-signed certificate (using SelfSSL) on the server and, at the time of running an SSL page (it is an admin page and not for the public), the browser gives me a warning and I install the self-signed certificate in the trusted store (assume that this request is not intercepted by the man in the middle), will there be any risk of a man-in-the-middle attack? For my test, what I did was to change the certificate on the server, keeping all the parameters the same; it created a different thumbprint, and the browser started giving me the warning again when running the SSL page. This means that if anybody changes the certificate, I will get the warning, which will indicate that the certificate has been changed from the one I added to the trusted store. Is there any flaw in what I am doing? I don't want to buy an SSL certificate just for my own one page.


2 Answers

5
votes

Yes; that will work fine.

As long as the browser can verify that you have the correct self-signed certificate, you're OK.

However, if you get an MITM attack during that first connection, when you trust the certificate, you're in big trouble (since you would end up trusting the attacker's certificate rather than your own).
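The procedure in the question and the caveat in this answer, written out as an added example that is not from the original post and not part of SelfSSL or any browser: a trust-on-first-use client that records the SHA-256 thumbprint of the first self-signed certificate it sees and refuses every later connection whose leaf certificate has a different thumbprint. The host name `admin.example.test`, the in-process loopback server, and the certificates minted here are all constructed for the example. The last step shows the failure mode the answer warns about: a client whose first contact is the attacker's certificate pins that one and then rejects the genuine server.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrPinMismatch is returned when the server's certificate differs from the one trusted on first use.
var ErrPinMismatch = errors.New("server certificate thumbprint does not match the pinned thumbprint")

// newSelfSigned mints a self-signed certificate for the hypothetical admin host.
// Every call uses a fresh key, so two certificates with identical subject and
// validity still have different thumbprints, which is what the question observed.
func newSelfSigned() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "admin.example.test"},
		DNSNames:     []string{"admin.example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// Thumbprint is the SHA-256 digest of the DER-encoded certificate, the value
// browsers show as the certificate fingerprint.
func Thumbprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// PinStore holds the single thumbprint trusted on first use. An empty store is
// a client that has not yet clicked through the browser warning.
type PinStore struct{ Pinned string }

// config disables chain validation (a self-signed certificate can never chain to
// a CA) and replaces it with a thumbprint comparison. The very first connection
// records whatever it sees; that is the window an attacker has to hit.
func (p *PinStore) config() *tls.Config {
	return &tls.Config{
		ServerName:         "admin.example.test",
		InsecureSkipVerify: true, // chain validation is replaced by VerifyPeerCertificate below
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 {
				return errors.New("server presented no certificate")
			}
			tp := Thumbprint(rawCerts[0])
			switch {
			case p.Pinned == "":
				p.Pinned = tp // trust on first use
			case p.Pinned != tp:
				return ErrPinMismatch
			}
			return nil
		},
	}
}

// Connect performs one TLS handshake against a loopback server holding
// serverCert and returns the client's verdict (nil means accepted).
func Connect(p *PinStore, serverCert tls.Certificate) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		conn.(*tls.Conn).Handshake() // any failure shows up as the client's error
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), p.config())
	if err != nil {
		return err
	}
	return conn.Close()
}

// Scenario replays the question's experiment and the answer's caveat. Flags:
// the genuine certificate is accepted and pinned, accepted again on a repeat
// visit, a different self-signed certificate (re-issued or an attacker's) is
// rejected, and a client whose first contact was the attacker's certificate
// pins that one and afterwards rejects the genuine server.
func Scenario() (pinned, repeatOK, swapRejected, tofuTrapped bool, err error) {
	genuine, err := newSelfSigned()
	if err != nil {
		return
	}
	other, err := newSelfSigned()
	if err != nil {
		return
	}
	user := &PinStore{}
	if err = Connect(user, genuine); err != nil {
		return
	}
	pinned = user.Pinned == Thumbprint(genuine.Certificate[0])
	repeatOK = Connect(user, genuine) == nil
	swapRejected = errors.Is(Connect(user, other), ErrPinMismatch)
	victim := &PinStore{}
	if err = Connect(victim, other); err != nil {
		return
	}
	tofuTrapped = errors.Is(Connect(victim, genuine), ErrPinMismatch)
	return
}

func main() {
	pinned, repeatOK, swapRejected, tofuTrapped, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("pinned=%v repeat=%v swapRejected=%v tofuTrapped=%v\n", pinned, repeatOK, swapRejected, tofuTrapped)
}
```

The design point is that `InsecureSkipVerify` alone would accept any certificate; it is only safe here because `VerifyPeerCertificate` still runs and enforces the pin. Pinning the whole certificate, as a browser's trusted store does, means a legitimate re-issue looks identical to an attack, so the thumbprint has to be re-established out of band whenever the certificate is replaced.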

3
votes

It wasn't clear from your post; disregard the below if there is only one user (yourself) for this web app. Otherwise...

Aren't you just training your users to ignore browser security warnings? So what is to say they won't ignore the warning when someone is trying to inject a new cert during a MITM attack? You want them to ignore the first warning, but if they get another warning later, they should know this is a problem?

Users aren't that sophisticated. Using a self-signed SSL certificate is basically saying you don't care about your users' security.