
Self-Signed Certificate

A TLS certificate signed with its own private key instead of by a Certificate Authority, trusted only by clients that have manually installed it.

A self-signed certificate is one where the issuer and subject are the same entity and the certificate is signed with its own private key, with no CA in the chain. Browsers refuse it by default with warnings like NET::ERR_CERT_AUTHORITY_INVALID, because there is no third party vouching for the identity. Self-signed certs are still useful in three cases: internal development environments, machine-to-machine traffic where both ends pin the public key, and as the root of a private CA where the operator manually trusts the self-signed root in every client. For anything public-facing, free certs from Let's Encrypt via ACME removed every reason to self-sign.
