Types of SSL/TLS Certificates Explained – Beginner's Guide
In this guide, we explain the different types of SSL/TLS certificates and their use cases.
- CA – Certificate Authority
- Root CA – Root Certificate Authority Certificate (Public)
- SSL – Secure Sockets Layer
- TLS – Transport Layer Security
Types of SSL/TLS Certificates
There are three types of SSL Certificates.
- Self Signed SSL
- SSL from Trusted Certificate Authorities
- SSL signed by own Certificate Authority
Let’s have a look at each type and its use cases.
Self Signed Certificate
Self-signed certificates are generated without a Certificate Authority: the certificate is signed with its own private key. Whenever you access a website or service that uses a self-signed certificate, the browser will always show a warning saying that your connection is not secure. Also, it doesn’t have an expiry date.
Use Case: Normally used for development purposes. It is not used in production environments.
Certificates Signed By Trusted CA
There are Certificate Authorities trusted by all web browsers. Normally these are paid services (Symantec, Comodo, DigiCert, etc.).
In this model, the CA vendor performs validations to make sure the requesting party owns the domain for which the SSL certificate is requested.
When you access a website that uses an SSL certificate signed by a trusted CA, you will not see the warning, because the browser trusts these Certificate Authorities by default.
Let's Encrypt is a free, open source trusted CA.
Use Case: Used on all public (Internet) facing applications. Banking, e-commerce and other organisations use a valid certificate signed by a trusted CA. The root CA certificate of a trusted CA is present in all browsers by default.
Certificates Signed By Your Own CA
You can create your own CA certificate and use it to sign SSL certificates. This is normally used within an organisation's network, or for authentication between specific services that is limited to the organisation's network. In this model, the root CA certificate is installed on all the clients/servers that use SSL for authentication.
Use Case: Used for applications internal to organisations. In this case, the organisation provides the root CA certificate to everyone who wants to access the internal application over SSL. They have to install the root CA certificate manually in their respective browsers. Once it is added, they will not see the warning message when they access the services over SSL.
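The difference between a self-signed certificate and one signed by your own CA can be checked with the openssl command line. The script below is an added example, not part of the original guide: it builds a throwaway private root CA, a server certificate signed by it, and a plain self-signed certificate, then reports what a client that installed only that root CA would trust. All names (Example Internal Root CA, app.corp.example, dev.local.example) are constructed.

```shell
#!/bin/sh
# Added example; every name below (Example Internal Root CA, app.corp.example,
# dev.local.example) is constructed for illustration.
set -e
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$WORK/o.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# new_self_signed NAME CN [EXTRA...]: key plus certificate signed by its own key.
new_self_signed() {
    name=$1; cn=$2; shift 2
    openssl req -x509 -newkey rsa:2048 -nodes -config "$WORK/o.cnf" -subj "/CN=$cn" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.crt" "$@" 2>/dev/null
}

# 1. Private root CA: self-signed and flagged CA:TRUE so it may sign others.
new_self_signed ca "Example Internal Root CA" -extensions v3_ca
# 2. Plain self-signed server certificate, as used in development.
new_self_signed dev "dev.local.example"
# 3. Server certificate signed by the private root CA.
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/o.cnf" \
    -subj "/CN=app.corp.example" -keyout "$WORK/app.key" -out "$WORK/app.csr" 2>/dev/null
openssl x509 -req -in "$WORK/app.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -out "$WORK/app.crt" 2>/dev/null

# is_self_issued CERT: true when the issuer and subject names are identical.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" = \
      "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')" ]
}

# trusted_by ANCHOR CERT: true when CERT chains up to the ANCHOR certificate.
trusted_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

for c in dev app; do
    is_self_issued "$WORK/$c.crt" && kind="self-signed" || kind="CA-signed"
    trusted_by "$WORK/ca.crt" "$WORK/$c.crt" && t="trusted" || t="NOT trusted"
    echo "$c.crt: $kind, $t by a client that installed only the internal root CA"
done
```

Installing the root CA on a client makes every certificate that CA signs trusted there, which is why the CA private key (ca.key here) needs stronger protection than any single server key.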