Self-Signed Certificate / TLS

Transport Layer Security (TLS) is the protocol that encrypts and authenticates connections on the modern internet, securing everything from a web dashboard to a wallet's link to its node. Its predecessor was SSL, a name still used loosely. TLS relies on certificates to prove a server's identity and to establish the keys that protect the session. A self-signed certificate is one you generate and sign yourself rather than obtaining from a recognized certificate authority.

How TLS uses certificates

During the TLS handshake, the server presents a certificate containing its public key. The client verifies that a trusted authority has signed it, then both sides derive shared session keys to encrypt the conversation with forward secrecy. The signing chain is what lets a browser trust that it is really talking to the intended server and not an impostor in the middle.

Self-signed certificates

A self-signed certificate skips the external authority: you act as your own signer. It still provides full encryption, but because no trusted party vouches for it, clients show a warning and you must manually trust it. For a node, dashboard, or service that only you and devices you control will reach, this is often perfectly acceptable and avoids depending on an outside issuer. For anything the public will visit, an authority-issued certificate, often obtained automatically and free, is the smoother choice.

Practical guidance

Self-signed certificates suit internal, single-operator infrastructure; authority-signed ones suit public-facing services. Either way, the goal is the same: no plaintext on the wire.

TLS termination is frequently centralized at a reverse proxy, and the encryption it provides complements the broader privacy goal of end-to-end encryption.