Types of SSL/TLS Certificates Explained – Beginners Guide

In this guide, we have explained the different types of SSL/TLS certificates with its use cases.

Terms Used:

  1. CA – Certificate Authority
  2. Root CA – Root Certificate Authority Certificate (Public)
  3. SSL – Secure Socket Layer
  4. TLS – Transport Layer Security

Types of SSL/TLS Certificates

There are three types of SSL Certificates.

  1. Self Signed SSL
  2. SSL from Trusted Certificate Authorities
  3. SSL signed by own Certificate Authority

Let’s have a look at each type and its use cases.

Self Signed Certificate

Self-signed certificates are generated without a Certificate Authority. Whenever you try to access the website or service which uses the self-signed certificate it will always throw a browser warning saying that your connection is not secure. Also, it doesn’t have an expiry date.

Use Case: Normally used for development purposes. It will not be used for any production environments.

Certificates Signed By Trusted CA

There are Certificate Authorities trusted by all web browsers. Normally these are paid services (Symantec, Comodo, DigiCert etc).

In this model,  the CA vendor will do validations to make sure the requested party owns the domain for which the SSL is requested for.

When you access a website which uses an SSL certificate signed by a trusted CA, you will not see the warning sign as the browser trust these Certificate Authorities by default.

Letsencrypt is a free open source trusted CA.

Use Case: Used on all public (Internet) facing applications. All the banking, ecommerce, organisations use a valid certificate signed by a trusted CA authority. The root CA certificate will be present on all the browsers by default if it is a trusted CA authority.

Certificates Signed By Your Own CA

You can create your own CA certificate and use it to sign the SSL certificates. It is normally used within an organisations network or authentication between specific services which is limited to the organisation network. In this model, the root CA cert will be installed on all the clients/servers which use SSL for authentication.

Use Case: Used applications internal to organisations. In this case, the organisation will provide the root CA to everyone who wants to access the internal application over SSL. They have to install the root CA manually in their respective browsers. Once added, they will not see the warning message when they access the services over SSL.

Read Next: How To Create CA and Generate SSL/TLS Certificates & Keys

Related

This guide explains the process of creating CA keys and certificates and use them to generate SSL/TLS certificates…

Read more

Internet is huge! Help us find great content

Newsletter

Never miss a thing! Sign up for our newsletter to stay updated.

About

The Best Tutorials & Tips to Speedup Your DevOps Workflow.

Created by Bibin Wilson.

​98
%

Off

Udemy Black Friday Offer Courses For $9.99 For Limited Time