Trusting invalid SSL certificates is wrong
So let me put it clearly from the first line: trusting invalid certificates is wrong.
And now I will explain why it’s wrong and why there are few excuses for it.
We are talking here about certificates for SSL encryption, which serves basically two purposes:
Privacy — data is transferred encrypted and can only be decrypted by the intended recipient, not by a third party wiretapping the line.
Authentication — making sure the receiving end that will be able to decrypt the data is who they claim to be, and that data is not diverted to a different receiver by a third party able to manipulate our transfers.
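The two purposes can be inspected separately on a client-side TLS configuration. The following is an added example, not code from the original post: it uses Python's standard `ssl` module, and the function names are illustrative. It shows that a context told to accept any certificate still offers encryption while providing no authentication.

```python
import ssl


def authentication_gaps(ctx: ssl.SSLContext) -> list[str]:
    """List the ways this client context fails to authenticate the server."""
    gaps = []
    if ctx.verify_mode == ssl.CERT_NONE:
        # Any certificate is accepted, including one made by whoever sits in the path.
        gaps.append("chain-not-verified")
    if not ctx.check_hostname:
        # A certificate issued for a different name is accepted.
        gaps.append("hostname-not-checked")
    return gaps


def offers_encryption(ctx: ssl.SSLContext) -> bool:
    """True if the context offers ciphers and none of them is a NULL (no-encryption) suite."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return bool(names) and all("NULL" not in n for n in names)


def strict_context() -> ssl.SSLContext:
    # Library default: chain validation and hostname checking are both on.
    return ssl.create_default_context()


def any_hostname_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def trust_anything_context() -> ssl.SSLContext:
    # The "just make the error go away" configuration.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for build in (strict_context, any_hostname_context, trust_anything_context):
        ctx = build()
        print(f"{build.__name__}: encrypts={offers_encryption(ctx)} "
              f"gaps={authentication_gaps(ctx)}")
```
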