Public certificates vs Private certificates vs Self-signed certificates

Do review this information to give you a better understanding on the different types of certificates and also to determine which type of certificate best suits your business needs.

The choices that you have for obtaining your certificates include:

  • Public Certificates - Purchasing your certificates from a public Internet Certificate Authority (CA).
  • Private Certificates - Operating your own local CA to issue private certificates for your users and applications.
  • Self Signed Certificates - Created and issued by the individual himself who is using the application server.

Using public certificates :

Public CAs issue certificates to all the users who applies for it and pays the appropriate fees based on some proof of identity. This level of proof varies depending on the identification policy of the CA. These policies have to be evaluated by the users requesting for the certificate as to whether it suits the security needs of the organisation. This can be preferred only in scenarios like, a limited number of certificates are required where a local/private CA is not affordable. 

Using private certificates :

In case of local/Private CA, certificates are issued to systems and users within a more limited scope confined to a company or an organization. The privileges of creating and issuing certificates will be limited only to those users who are trusted members of your group. Therefore this technique provides better security. But it comes at a cost of time and resources that must be invested. In the longer run for a large scale organisation, it is preferable to have a Private CA. 

Using Self Signed Certificates :

As the name suggests, here the certificates will be signed by the owner himself. Self-signed certificates are generally utilized for testing local servers and cannot be deployed in production environments as it has no relation with the identity of the person or organization who issued it. In this case even though the certificate delivers the same level of security to data that flows in the tunnel between browser and server, the owner of a web service stays anonymous. Thus to avoid mis-issuances and other sorts of fraudulent behavior a Trusted CA authorizes a Self signed certificate. Now the web-browsers will accept the certificate without throwingthe error "This certificate is not trusted because it is self signed" and such certificates can be deployed on production environments as well.

My previous articles can be referred to create and deploy self signed certificates :

Hope this helps.. Happy certifying!!