In this guide, we have explained the different types of SSL/TLS certificates with its use cases.
Terms Used:
- CA - Certificate Authority
- Root CA - Root Certificate Authority Certificate (Public)
- SSL - Secure Socket Layer
- TLS - Transport Layer Security
Types of SSL/TLS Certificates
There are three types of SSL Certificates.
- Self Signed SSL
- SSL from Trusted Certificate Authorities
- SSL signed by own Certificate Authority
Let's have a look at each type and its use cases.
Self Signed Certificate
Self-signed certificates are generated without a Certificate Authority. Whenever you try to access the website or service which uses the self-signed certificate it will always throw a browser warning saying that your connection is not secure. Also, it doesn't have an expiry date.
Use Case:
Certificates Signed By Trusted CA
There are Certificate Authorities trusted by all web browsers. Normally these are paid services (Symantec, Comodo, DigiCert etc).
In this model, the CA vendor will do validations to make sure the requested party owns the domain for which the SSL is requested for.
When you access a website which uses an SSL certificate signed by a trusted CA, you will not see the warning sign as the browser trust these Certificate Authorities by default.
Letsencrypt is a free open source trusted CA.
Use Case:
Certificates Signed By Your Own CA
You can create your own CA certificate and use it to sign the SSL certificates. It is normally used within an organisations network or authentication between specific services which is limited to the organisation network. In this model, the root CA cert will be installed on all the clients/servers which use SSL for authentication.
Use Case:
Read Next:How To Create CA and Generate SSL/TLS Certificates & Keys