Find if a certificate is self signed or CA signed

情歌与酒 2021-02-02 11:59

I have a web app which allows users to upload a pkcs12. I store the pkcs12 as binary in the database. Is there any way for me to know if the certificate in the pkcs12 is self-signed?

5 answers
  •  长情又很酷
    2021-02-02 12:22

    The accepted answer here isn't strictly correct. Old question, but this is the first result in Google for "how to tell if a certificate is self signed" so it needs to be cleared up.

    A cert is almost always self-signed if the issuer and subject match, but it's not guaranteed. A certificate can be "self-issued" where it has the same issuer/subject but is signed by a private key that isn't paired with the public key in the cert.

    The first part of the answer above from NitinB is the right way to check for a self-signed cert:

    openssl verify -CAfile self_signed_cert.pem self_signed_cert.pem

    "All self-signed certs are self-issued, but not all self-issued certs are self-signed."

    Citation: https://tools.ietf.org/html/rfc5280

    "Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations. Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate."
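
The distinction drawn in the answer above, as an added example that is not part of the original post: a shell function that classifies a certificate pulled from a PKCS#12 upload as CA-issued, self-issued or self-signed. It assumes the `openssl` CLI is on the PATH; the function names, subject names, file names and the `demo` password are constructed for the example. It passes `-check_ss_sig` because `openssl verify` does not check the signature on a self-signed trust anchor by default.

```shell
# Print the PEM certificate of the key holder from a PKCS#12 file.
p12_cert() {  # usage: p12_cert FILE PASSWORD
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$2" 2>/dev/null
}

# Print "ca-issued", "self-signed" or "self-issued" for a PEM certificate.
classify_cert() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subject" != "$issuer" ]; then
        echo ca-issued
    # Same name: self-signed only if the cert's own public key verifies its signature.
    elif openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo self-signed
    else
        echo self-issued
    fi
}

# Constructed sample data: throwaway keys and certificates in a temp dir.
work=$(mktemp -d)
subj="/CN=Example Root"
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
    -keyout "$work/root.key" -out "$work/root.pem" 2>/dev/null
# Same subject name, different key, signed by root.key: self-issued only.
openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$work/rekey.key" -out "$work/rekey.csr" 2>/dev/null
openssl x509 -req -in "$work/rekey.csr" -CA "$work/root.pem" -CAkey "$work/root.key" \
    -set_serial 2 -days 1 -out "$work/rekey.pem" 2>/dev/null
# Different subject, signed by root.key: an ordinary CA-issued certificate.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
    -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -CA "$work/root.pem" -CAkey "$work/root.key" \
    -set_serial 3 -days 1 -out "$work/leaf.pem" 2>/dev/null
# Round-trip the root through PKCS#12, as an uploaded file would arrive.
openssl pkcs12 -export -inkey "$work/root.key" -in "$work/root.pem" \
    -passout pass:demo -out "$work/root.p12"
p12_cert "$work/root.p12" demo > "$work/from_p12.pem"

for f in root rekey leaf from_p12; do
    printf '%s: %s\n' "$f" "$(classify_cert "$work/$f.pem")"
done
```

A certificate that has expired also fails `openssl verify`, so an expired self-signed certificate is reported as self-issued by this check.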
