A self-signed certificate is a X.509 digital certificate that is not signed by a publicly trusted certificate authority (CA). This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates. The reason why they’re called self-signed is that they’re created, issued, and signed by the company or developer who is responsible for the website, software, emails or documents being signed.
“In a CA-based PKI* system, the CA** must be trusted by both parties. This is usually accomplished by placing the CA certificates in a whitelist of trusted certificates,” says Wikipedia.
* PKI – Public Key Infrastructure (X.509 certificates are public key certificates)
** CA – Certificate Authority
Self-signed certificates are not candidates for a whitelist of trusted certificates, nor they can be revoked, if they become compromised. Therefore, self-signed certificates are considered unsafe for public-facing websites or for signing documents, emails, and applications. Yet you can benefit from them in certain scenarios.
For example, SSL self-signed certificates are suitable for internal (intranet) sites or testing environments since they encrypt the incoming and outgoing data with the same ciphers as any other paid SSL certificate. We used one to enable a safe connection to D365FO application in OneBox VM on-premises. Read more >>
Or you can use a self-signed document signing certificate to test digital signatures in D365FO, as we actually did while developing the Electronic signature feature. Read more >>
How to create a self-signed certificate?
The next question is, of course, how to create a self-signed certificate. You can do it manually in PowerShell as described in Microsoft documentation, or you can use an online tool (although majority of them are dedicated to self-signed SSL certificates).
We’ve recently released a new feature called Electronic signature, and during the development phase, we needed an effective way to test this functionality thoroughly. Using PowerShell can be quite complex, so we decided to create a simple yet smart tool with UI, where you can quickly set up the certificate fields, create the self-signed certificate and store it to your local disc or to the selected Microsoft Certificate Store.
Docentric Self-Signed Certificate Generator
By using Docentric Self-Signed Certificate Generator, you can create on click the following types of self-signed certificates:
- Document signing certificates - to sign your documents in PDF and other document formats.
- Email signing certificates - to sign your outgoing emails.
- Client access certificates - to enable your client apps to make authenticated requests to remote servers.
- Code signing certificates - to sign your apps.
- Secure SSL/TLS server certificates - to set up a secure web or application server.
- Certificates without usage purpose - to test certificate validation procedures.
Download Free Self-Signed Certificate Generator
Enjoy! 😊 👍