The term Self-signed Certificate says nothing about the identity of the person or organization that actually performed the signing. In technical terms, a Self-signed Certificate is one signed with its own Private Key.
In typical Public Key Infrastructure (PKI) arrangements, a Digital Signature from a Certificate Authority (CA) attests that a particular Public Key certificate is valid (i.e., contains correct information). When a Self-signed Certificate is used, there is no Trust Anchor that can participate in Certificate Validation.
Self-signed Certificates lower Risk in two respects:
- they avoid the problems of trusting third parties that may improperly sign certificates.
- transactions usually present a far smaller attack surface, because the complex Certificate Validation and Certificate Chain validation, and the CA Certificate Revocation checks such as CRL and OCSP, are all eliminated.
## Self-signed Certificate Revocation

A Self-signed Certificate cannot be revoked by a Certificate Authority. Revocation of a Self-signed Certificate is accomplished by removing it from the Truststore (essentially the same as revoking trust in a Certificate Authority).
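The two points above, the technical definition (signed with its own Private Key) and revocation by removal from the Truststore, as an added Go example that is not part of the original page: `newSelfSigned`, `isSelfSigned` and `verifyWith` are assumed helper names, and the certificate is a constructed sample built with Go's standard `crypto/x509` package.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newSelfSigned builds a certificate whose issuer and subject are the same
// name and whose signature is made with the certificate's own private key.
func newSelfSigned(cn string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // constructed sample value
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	// Passing tmpl as both template and parent is what makes it self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// isSelfSigned checks the technical definition: issuer equals subject AND the
// signature verifies under the certificate's own public key (names alone can be copied).
func isSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawIssuer, c.RawSubject) && c.CheckSignatureFrom(c) == nil
}

// verifyWith runs chain validation against a Truststore. With the self-signed
// cert in the pool it is its own Trust Anchor and validation succeeds; with it
// removed (the only way to "revoke" it) Verify returns x509.UnknownAuthorityError.
func verifyWith(c *x509.Certificate, roots *x509.CertPool) error {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots})
	return err
}
```

Note that `roots` must be a non-nil (possibly empty) pool: passing nil tells Go to fall back to the system Truststore instead.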
## More Information

There might be more information for this subject on one of the following:
- Identity Certificate
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens
- Opportunistic encryption
- Site Certificate
- Trust Anchor
- Verifying Certificate Signatures
- Web Blog_blogentry_081116_1