In contrast with conventional networks, mobile ad hoc networks do not provide on-line access to trusted authorities or to centralized servers. For this reason, key management is particularly difficult to implement in such networks. The solutions published so far alleviate the problem by requiring a trusted authority only in the system start-up phase (for the distribution of initial keys or key shares). Here, we consider a more extreme case where there is no central authority at all, not even in the initialization phase. We propose a fully self-organizing public-key management system, in which the users generate their keys, and issue, store, and distribute public-key certificates. Our system can be used for securing both networking functions (e.g., routing) and application services in mobile ad hoc networks.