Overview#
In cryptography and computer security, a Self-signed Certificate is an identity certificate that is signed by the same entity for whose identity it provides an Assertion.
The term Self-signed Certificate has nothing to do with the identity of the person or organization that actually performed the signing procedure. In technical terms, a Self-signed Certificate is one signed with its own Private Key.
A Self-signed Certificate is a Self-Asserted Certificate, just as a business card is an Assertion of employment.
In typical Public Key Infrastructure (PKI) arrangements, a Digital Signature from a Certificate Authority (CA) attests that a particular Public Key certificate is valid (i.e., contains correct information). When a Self-signed Certificate is used, there is no Trust Anchor that can participate in Certificate Validation.
A Self-signed Certificate cannot (by nature) be revoked, as there is no Trust Anchor that can participate in Certificate Validation.
Self-signed Certificates provide a lower Risk from these two aspects:
Self-signed Certificate Revocation#
A Self-signed Certificate cannot be revoked by a Certificate Authority. Revocation of a Self-signed Certificate is accomplished by removing it from the Truststore (essentially the same as revoking trust in a Certificate Authority).
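The two properties described above, as an added example that is not part of the original page: a certificate whose signature verifies under its own public key, and trust that exists only while that exact certificate sits in the Truststore. It uses only the Go standard library; the `Truststore` type and the host name are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewSelfSigned signs a certificate with the private key of the public key it carries.
func NewSelfSigned(cn string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv) // tmpl is also the issuer
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// IsSelfSigned checks the signature against the certificate's own public key.
func IsSelfSigned(c *x509.Certificate) bool {
	return c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

type Truststore []*x509.Certificate // hypothetical type: the certificates currently trusted

func (ts Truststore) Trusts(c *x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, anchor := range ts {
		pool.AddCert(anchor)
	}
	_, err := c.Verify(x509.VerifyOptions{Roots: pool}) // store entries are the only trust anchors
	return err == nil
}

func main() {
	if cert, err := NewSelfSigned("device.example.test"); err == nil { // constructed name
		fmt.Println(IsSelfSigned(cert), Truststore{cert}.Trusts(cert), Truststore{}.Trusts(cert))
	}
}
```

The empty `Truststore{}` stands for the store after the certificate has been removed: validation then fails without any CRL or OCSP lookup being involved.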