In this guide, we explain the different types of SSL/TLS certificates along with their use cases.
There are three types of SSL Certificates.
Let’s have a look at each type and its use cases.
Self-signed certificates are generated without a Certificate Authority. Whenever you try to access a website or service that uses a self-signed certificate, the browser will always show a warning saying that your connection is not secure. Also, it doesn’t have an expiry date.
Use Case: Normally used for development purposes. It is not used in production environments.
There are Certificate Authorities trusted by all web browsers. Normally these are paid services (Symantec, Comodo, DigiCert, etc.).
In this model, the CA vendor performs validations to make sure the requesting party owns the domain for which the SSL certificate is requested.
When you access a website that uses an SSL certificate signed by a trusted CA, you will not see the warning sign, because the browser trusts these Certificate Authorities by default.
Let’s Encrypt is a free, open source trusted CA.
Use Case: Used on all public (Internet) facing applications. Banks, ecommerce sites and organisations all use a valid certificate signed by a trusted CA. The root CA certificate will be present in all browsers by default if it belongs to a trusted CA.
You can create your own CA certificate and use it to sign SSL certificates. This is normally used within an organisation’s network, or for authentication between specific services that are limited to the organisation’s network. In this model, the root CA certificate is installed on all the clients and servers that use SSL for authentication.
Use Case: Used for applications internal to organisations. In this case, the organisation provides the root CA certificate to everyone who wants to access the internal application over SSL. They have to install the root CA certificate manually in their respective browsers. Once it is added, they will not see the warning message when they access the services over SSL.
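The own-CA model described above can be tried end to end with the `openssl` command line. The script below is an added example, not part of the original guide: it creates a root CA, signs a server certificate with it, and then checks the certificate once as a client that has the root CA installed and once as a client that does not. The CA names, the hostname `app.internal.example` and the function names are constructed for illustration, and a second unrelated CA stands in for the client without the organisation's root.

```shell
#!/usr/bin/env bash
# Added example: private root CA -> signed server certificate -> client check.
# All names (Example Internal Root CA, app.internal.example) are constructed.
umask 077   # keys written below must not be readable by other users

make_ca() {   # $1 = output dir, $2 = CA common name
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = $2
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {   # $1 = CA dir, $2 = DNS name; writes $1/server.key and server.crt
  printf '%s\n' "basicConstraints = critical, CA:FALSE" \
    "extendedKeyUsage = serverAuth" "subjectAltName = DNS:$2" > "$1/leaf.ext"
  # ca.cnf is reused only for its [req] defaults; -subj overrides the DN.
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 90 -extfile "$1/leaf.ext" \
    -out "$1/server.crt" 2>/dev/null
}

client_trusts() {   # $1 = root CA installed on the client, $2 = cert, $3 = hostname
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_ca "$work/corp" "Example Internal Root CA"
make_ca "$work/other" "Unrelated Root CA"   # a client without the corp root
issue_cert "$work/corp" app.internal.example
for root in corp other; do
  if client_trusts "$work/$root/ca.crt" "$work/corp/server.crt" app.internal.example
  then echo "client with $root root: certificate accepted"
  else echo "client with $root root: warning, issuer not trusted"
  fi
done
```

Only `ca.crt` is distributed to clients. `ca.key` stays on the signing host, since anyone holding it can issue certificates that every client with the root installed will accept.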
This guide explains the process of creating CA keys and certificates and using them to generate SSL/TLS certificates…