CyberGlossary

Network Security

Self-Signed Certificate

Also known as: Self-issued certificate

Definition

A digital certificate that is signed with the same private key whose public counterpart it contains, with no external certificate authority involved.

A self-signed certificate has the same entity as both subject and issuer, so anyone who trusts the certificate is implicitly trusting the keypair that created it. Such certificates are useful for development, internal test systems, lab environments, and for the root certificate at the top of any PKI hierarchy. On the public internet, however, browsers and operating systems will not trust them and present prominent warnings, because there is no externally verifiable chain of trust. Because no issuing authority exists to publish revocation status, they also complicate revocation and lifecycle management. Better alternatives for production include certificates from a public CA, an internal enterprise PKI, or short-lived certificates issued via ACME.

Examples

  • A developer running a local HTTPS server with a certificate generated by mkcert or openssl.
  • The root certificate of an internal PKI, which is by definition self-signed.
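The two properties described above (subject equals issuer, and trust depends entirely on whether the relying party has chosen to trust that keypair) can be shown with Go's standard crypto/x509 package. This is an added illustration, not code from the glossary; the hostname dev.internal.example is a constructed placeholder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// SelfSigned issues a certificate for cn whose subject and issuer are the same
// name. Passing the template as its own parent and signing with the key that
// matches the embedded public key is exactly what "self-signed" means.
func SelfSigned(cn string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true, // a self-signed root must be marked CA for
		IsCA:                  true, // its own signature to be accepted
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// IsSelfSigned reports whether c names itself as issuer and whether its own
// public key validates its signature.
func IsSelfSigned(c *x509.Certificate) bool {
	return c.Subject.String() == c.Issuer.String() && c.CheckSignatureFrom(c) == nil
}

// Trusted reports whether c chains to a root in roots. An empty pool models a
// browser that has never seen the certificate; adding c itself models an
// internal PKI or a dev machine where the keypair has been explicitly trusted.
func Trusted(c *x509.Certificate, roots *x509.CertPool) bool {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: c.DNSNames[0]})
	return err == nil
}
```

Running Trusted with an empty pool returns false (the "unknown authority" case behind browser warnings), while adding the certificate to the pool as a root makes the same certificate verify.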

Related terms