Azarudeen Mohamed

Self-Signed Cert vs Certificate Authority Cert vs 3rd party Certificate Authority Certs

Hi Folks,

Can anyone explain what the difference is between the above 3 methods of certificates? Let me explain my understanding first.

Self-Signed:
Issued by : Webserver1
Issued to : Webserver1

Certificate Authority signed :
Issued to: Webserver1
Issued by: Microsoft CA Server

3rd Party CA Cert:
Issued to: Webserver1
Issued by: Comodo or Symantec or Verisign

Now the question is what is the difference between using self signed for my Web server and using certificate authority signed for web server. I'm not asking about 3rd party certificate.
ASKER CERTIFIED SOLUTION
Valentina Perez
ASKER

Thanks for the reply Valentina...

So for a server authentication certificate, does it make any difference between self-signed and local CA signed?

Because I can see a lot of machines contain a self-signed certificate; that means the certificate's issued to and issued by are the same on most of the servers.

I'm thinking of changing all those certificates to local CA signed certificates... so what is the difference between these two cert types? Only the error message?

Hi Mohamed,

Yes, the error message. And with self-signed, if you need a second certificate, you will again need to install that CA's certificate in the root keystore of all clients.

But if you have an internal CA and you have installed the root keystore in the clients, then if you create a second certificate, your machines will trust it because they are issued by the same CA.

With an internal CA it is easier to populate the trust.

If you will only need one certificate, you can use self-signed. But if you are planning to install new certificates in the future, it is best to have an internal CA (more functional).

And the best is always a third-party certificate.

Regards
Valentina

I have a better idea now, thanks a lot for your assistance...

One last question: As you mentioned (Yes the error message. And with self-signed, if you need a second certificate, you will need again to install that CA's certificate in the root keystore of all clients)

A self-signed certificate doesn't need an internal CA, so which CA certificate do we need to add to the root keystore?

Hi Mohamed,

You are correct. I mean you will need to install the certificate itself in the root keystore.

If it is an internal CA, you will need to install that CA's certificate in the root keystore of all clients only the first time. After that, if you need a second certificate, it will already trust your CA.

Regards
Valentina

Thanks for the responses
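
The trust difference discussed in this thread, reproduced with OpenSSL as an added example (not part of the original posts). The `store-*.pem` files stand in for a client's root keystore; all names (Demo Internal CA, the file stems) are constructed, and an `openssl` binary with its default configuration is assumed.

```shell
#!/bin/sh
# Added example; all names and file stems below are constructed for the demo.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed: the certificate is signed with its own key (issuer == subject).
make_self_signed() {   # $1 = file stem, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# CA-signed: the server creates a request and the CA key signs it.
issue_from_ca() {      # $1 = file stem, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/$1.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to an entry in trust store $1.
trusted() { openssl verify -CAfile "$WORK/$1" "$WORK/$2" >/dev/null 2>&1; }

report() {
  if trusted "$1" "$2"; then echo "$2 against $1: trusted"
  else echo "$2 against $1: NOT trusted"; fi
}

# Case 1: two self-signed servers; the client store holds only the first.
make_self_signed ss1 Webserver1
make_self_signed ss2 Webserver2
cp "$WORK/ss1.crt" "$WORK/store-selfsigned.pem"

# Case 2: one internal CA; the client store holds only the CA certificate.
make_self_signed ca "Demo Internal CA"
issue_from_ca web1 Webserver1
issue_from_ca web2 Webserver2
cp "$WORK/ca.crt" "$WORK/store-ca.pem"

report store-selfsigned.pem ss1.crt
report store-selfsigned.pem ss2.crt   # second server needs its own store entry
report store-ca.pem web1.crt
report store-ca.pem web2.crt          # trusted with no change on the client
openssl x509 -in "$WORK/ss1.crt" -noout -subject -issuer    # issued to == issued by
openssl x509 -in "$WORK/web1.crt" -noout -subject -issuer   # issued by the CA
```
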