How can a certificate be issued?

• A. A certificate is typically signed by a trusted CA
• B. A certificate can only be self-signed
• C. A certificate cannot be self-signed
• D. A certificate is typically signed by a trusted CA or can be self signed using the Java Keytool

Answer: (D)

Certificates establish identity and enable encrypted communication by binding a public key to an entity, and this binding is trusted through a signature. The usual path is for a trusted Certificate Authority to sign the certificate, creating a trusted chain that clients automatically recognize. If you don’t want to obtain a CA-signed certificate, you can generate a self-signed certificate, and in Java environments tools like Java Keytool can create and sign it yourself. Remember that self-signed certificates are not trusted by clients by default—you’d need to distribute and import the certificate (or its containing CA) into each client’s truststore. In practice, production deployments rely on CA-signed certificates, while self-signed ones are common for development or internal services.