Posted on February 9, 2021 August 7, 2022 by Klemen Novak
Tags: Certificates, Electronic signature
A self-signed certificate is an X.509 digital certificate that is not signed by a publicly trusted certificate authority (CA). This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates. They are called self-signed because they are created, issued, and signed by the company or developer responsible for the website, software, emails or documents being signed.
“In a CA-based PKI* system, the CA** must be trusted by both parties. This is usually accomplished by placing the CA certificates in a whitelist of trusted certificates,” says Wikipedia.
* PKI – Public Key Infrastructure (X.509 certificates are public key certificates)
** CA – Certificate Authority
Self-signed certificates are not candidates for a whitelist of trusted certificates, nor can they be revoked if they become compromised. Therefore, self-signed certificates are considered unsafe for public-facing websites or for signing documents, emails, and applications. Yet you can benefit from them in certain scenarios.
Self-signed certificates are free and can be easily created. They can be used for development and testing purposes, or for securing intranet sites and internal applications.
For example, self-signed SSL certificates are suitable for internal (intranet) sites or testing environments, since they encrypt the incoming and outgoing data with the same ciphers as any paid SSL certificate. We used one to enable a safe connection to the D365FO application in a OneBox VM on-premises.
Or you can use a self-signed document signing certificate to test digital signatures in D365FO, as we did while developing the Electronic signature feature.
The next question is, of course, how to create a self-signed certificate. You can do it manually in PowerShell as described in Microsoft documentation, or you can use an online tool (although the majority of them are dedicated to self-signed SSL certificates).
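As an added example (not taken from the original post or from Docentric's tool), the PowerShell route for a test document signing certificate could look like the script below, which also shows that chain validation does not trust the result. The subject name, 90-day validity and file names are constructed sample values, and the Document Signing EKU is an assumed choice for this scenario.

```powershell
# Added example: create a short-lived self-signed certificate for testing
# document signatures. Subject, validity and paths are constructed samples.
$params = @{
    Type              = 'Custom'
    Subject           = 'CN=Test Document Signer (self-signed)'
    KeyAlgorithm      = 'RSA'
    KeyLength         = 2048
    HashAlgorithm     = 'SHA256'
    KeyUsage          = 'DigitalSignature'
    # Enhanced Key Usage extension (2.5.29.37) carrying the
    # Microsoft Document Signing OID (assumed purpose for this test cert).
    TextExtension     = @('2.5.29.37={text}1.3.6.1.4.1.311.10.3.12')
    KeyExportPolicy   = 'Exportable'
    NotAfter          = (Get-Date).AddDays(90)
    CertStoreLocation = 'Cert:\CurrentUser\My'
}
$cert = New-SelfSignedCertificate @params

# A self-signed certificate names itself as its own issuer.
"Subject     : $($cert.Subject)"
"Issuer      : $($cert.Issuer)"
"Self-signed : $($cert.Subject -eq $cert.Issuer)"

# Build the trust chain the way a relying application would.
# No trusted CA vouches for this certificate, so the build is expected
# to fail and report a root that is not trusted.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # there is no CA to publish revocation data
$trusted = $chain.Build($cert)
"Chain trusted: $trusted"
$chain.ChainStatus | ForEach-Object {
    "  $($_.Status): $($_.StatusInformation.Trim())"
}

# Save to disk: the PFX holds the private key (password protected),
# the CER holds only the public certificate.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath "$env:TEMP\test-doc-signer.pfx" -Password $pfxPassword | Out-Null
Export-Certificate    -Cert $cert -FilePath "$env:TEMP\test-doc-signer.cer" | Out-Null

# Remove the test certificate from the store when it is no longer needed.
# Remove-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)"
```

Keeping the validity short and deleting the store entry after testing limits exposure, since a self-signed certificate cannot be revoked.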
We’ve recently released a new feature called Electronic signature, and during the development phase, we needed an effective way to test this functionality thoroughly. Using PowerShell can be quite complex, so we decided to create a simple yet smart tool with a UI, where you can quickly set up the certificate fields, create the self-signed certificate, and save it to your local disk or to the selected Microsoft Certificate Store.
By using Docentric Self-Signed Certificate Generator, you can create the following types of self-signed certificates with one click: