Which term describes a digital certificate that has not been signed by a trusted certificate authority but is signed by the entity that created it?

• A. Self-signed certificate
• B. Certificate signing request (CSR)
• C. Wildcard domain
• D. Online Certificate Status Protocol (OCSP)

Answer: (A)

Self-signed certificates are digital certificates signed by the entity that created them rather than by a trusted certificate authority. Because there’s no chain to a recognized root CA, a client won’t inherently trust it; browsers will typically show a warning unless you manually install and trust the certificate (or set up an internal PKI and distribute its root certificate). The certificate still provides encryption and proves the holder’s public key, but trust is established locally rather than by a third-party attestation.

A certificate signing request is something you generate to request a CA to issue a certificate; it isn’t a certificate itself. A wildcard domain refers to a certificate that covers multiple subdomains under one domain, not who signs it. OCSP is a protocol used to check whether a certificate has been revoked; it doesn’t describe how a certificate is signed.