F5 GLOSSARY

Self-signed Certificate

What is a Self-Signed Certificate?

A self-signed certificate is a digital certificate in which the subject and the issuer are the same entity: the owner signs a certificate containing their own public key with the matching private key, instead of having a certification authority sign it. Such a certificate is not trusted by default, because it is essentially a "self-claimed" certificate that carries no endorsement from a trusted third party; anyone can produce one for any name. Because of this self-claiming nature, self-signed certificates are sometimes colloquially called "Ore-Ore certificates" in Japanese, roughly "Me-Me certificates."

One exception to this rule is the root certificate of a public certification authority (public CA), which the CA issues to itself. Root certificates from public CAs that operate under properly defined, audited, and adhered-to guidelines are regarded as trustworthy and are pre-installed in the trust stores of web browsers and operating systems. When a browser connects to a website, it receives the server certificate (usually together with one or more intermediate CA certificates), identifies the issuer of each certificate in the chain, and uses the public key in the issuer's certificate to verify the signature on it, until it reaches a root certificate that is already in its trust store. A signature is verified with the issuer's public key, not "decrypted." Only if every signature in the chain verifies, every certificate is within its validity period, and the name in the server certificate matches the hostname being visited does the browser accept the certificate.

In general, TLS server certificates (still commonly called SSL certificates) should be issued by a third-party certification authority. A self-signed server certificate is discouraged because, to a client that does not already know it, it is indistinguishable from a self-signed certificate forged by a malicious third party for the same hostname: both are signed by a key the client has no reason to trust. If a browser is configured, or a user is trained, to accept any self-signed certificate, forged ones are accepted as well, and an attacker on the communication path can present their own certificate, terminate the TLS connection, and read or tamper with the traffic; the encryption then protects nothing. The narrow exception is a client that explicitly trusts one specific self-signed certificate (for example, its fingerprint is pinned, or it has been installed in a private trust store for an internal test system): that client rejects every other certificate for the hostname, including a forged one, which is a very different thing from accepting self-signed certificates in general.
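To make the chain check and the "indistinguishable from a forgery" point concrete, the following Go program is an added example written for this glossary entry; it is not F5's code and not part of the original page. It uses only Go's standard crypto/x509 package to build four certificates (a self-signed root CA, a server certificate issued by that CA, the server's own self-signed certificate, and an attacker's self-signed certificate for the same hostname) and then runs the same verification a browser performs against a trust store. The hostname "www.example.com", the CA name "Demo Root CA", and the one-day validity window are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// hostname is an assumed value for the example, not something from the page.
const hostname = "www.example.com"

// newKey generates a fresh P-256 key pair.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// template builds a certificate template: a CA with cert-signing usage, or a
// server certificate with the serverAuth EKU and the hostname as a SAN.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		t.DNSNames = []string{hostname}
	}
	return t
}

// sign issues tmpl for public key pub, signed by parent's private key parentKey.
// Passing tmpl as its own parent, with the private key matching pub, yields a
// self-signed certificate: subject == issuer, signed by the subject's own key.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// Demo holds the certificates the example compares.
type Demo struct {
	Root       *x509.Certificate // self-signed root CA: the legitimate kind of self-signed cert
	Issued     *x509.Certificate // server certificate issued by Root
	SelfSigned *x509.Certificate // the server's own self-signed certificate
	Forged     *x509.Certificate // an attacker's self-signed certificate for the same hostname
}

// BuildDemo creates all four certificates with freshly generated keys.
func BuildDemo() Demo {
	caKey := newKey()
	caTmpl := template("Demo Root CA", 1, true)
	root := sign(caTmpl, caTmpl, &caKey.PublicKey, caKey)

	serverKey := newKey()
	issued := sign(template(hostname, 2, false), root, &serverKey.PublicKey, caKey)

	selfTmpl := template(hostname, 3, false)
	selfSigned := sign(selfTmpl, selfTmpl, &serverKey.PublicKey, serverKey)

	attackerKey := newKey() // the attacker has their own key; nothing else differs
	forgedTmpl := template(hostname, 4, false)
	forged := sign(forgedTmpl, forgedTmpl, &attackerKey.PublicKey, attackerKey)

	return Demo{Root: root, Issued: issued, SelfSigned: selfSigned, Forged: forged}
}

// Verify chains leaf back to one of the trusted certificates (signature, validity
// period, key usage) and checks the hostname, as a browser does with its trust store.
func Verify(leaf *x509.Certificate, trusted ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, c := range trusted {
		pool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: hostname})
	return err
}

// IsUnknownAuthority reports whether verification failed because no trusted
// issuer could be found, which is the error a self-signed cert produces.
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	d := BuildDemo()
	fmt.Println("CA-issued cert, trust store = {root}:      ", Verify(d.Issued, d.Root))
	fmt.Println("self-signed cert, trust store = {root}:    ", Verify(d.SelfSigned, d.Root))
	fmt.Println("forged cert, trust store = {root}:         ", Verify(d.Forged, d.Root))
	fmt.Println("self-signed cert, pinned as trusted:       ", Verify(d.SelfSigned, d.SelfSigned))
	fmt.Println("forged cert, self-signed cert pinned:      ", Verify(d.Forged, d.SelfSigned))
}
```

With the root CA as the only trust anchor, the CA-issued certificate verifies and both self-signed certificates fail with the same unknown-authority error: the verifier has no way to tell the server's own certificate from the attacker's. The last two lines show the narrow exception: when the client pins the specific self-signed certificate, that one verifies and the forged one for the same hostname is still rejected.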