Self-Signed and CA-Signed Certificates
Determining the type of certificate to use for secure communications sessions and the method to generate the certificate is challenging. Self-signed certificates and digital certificates issued by certificate authorities offer advantages and disadvantages. You may also be required to use both types of certificates, depending on the security requirements of your trading partners. The following table compares the advantages and disadvantages of self-signed and CA-signed certificates:
| Type of Certificate | Advantages | Disadvantages |
|---|---|---|
| Self-signed certificate | No cost | Requires you to distribute your certificate, minus the private key, to each trading partner in a secure manner |
| | Easy to generate | Difficult to maintain; anytime the certificate is changed, it must be distributed to all clients |
| | Self-validated | Not validated by a third-party entity |
| | Efficient for small number of trading partners | Inefficient for large number of trading partners |
| CA-signed certificate | Eliminates having to send your certificate to each trading partner | Trading partners must download digital CA-signed certificate used to verify the digital signature of trading partner public keys. |
| | No changes are required on the trading partner's system if you recreate the CA digitally-signed certificate using the same CA | Must be purchased from third-party vendor |
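
The maintenance rows of the table can be checked with OpenSSL. This is an added example, not part of the original page: it recreates each kind of certificate and tests whether a trading partner's unchanged trust file still accepts it. The subject names, file names and the one-file trust store are assumptions.

```sh
#!/bin/sh
# Constructed demo: subject names, file names and the temp directory are assumptions.
set -eu

# trusts STORE CERT: does a partner holding STORE as its trust file accept CERT?
trusts() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# new_selfsigned DIR NAME CN: fresh key pair plus self-signed certificate
new_selfsigned() {
  openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# new_ca_signed DIR NAME: fresh key pair plus certificate issued by DIR/ca.*
new_ca_signed() {
  openssl req -config "$1/req.cnf" -newkey rsa:2048 -nodes -subj "/CN=node.example" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

demo() {
  d=$(mktemp -d)
  # Minimal request config so the result does not depend on the system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\nCN=unused\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"

  # Self-signed: the partner's trust file is a copy of the certificate itself
  # (public part only; self1.key never leaves the owner).
  new_selfsigned "$d" self1 node.example
  cp "$d/self1.crt" "$d/partner_selfsigned.pem"
  new_selfsigned "$d" self2 node.example          # certificate recreated
  echo "self-signed original=$(trusts "$d/partner_selfsigned.pem" "$d/self1.crt")"
  echo "self-signed recreated=$(trusts "$d/partner_selfsigned.pem" "$d/self2.crt")"

  # CA-signed: the partner's trust file is the CA certificate.
  new_selfsigned "$d" ca "Demo CA"
  cp "$d/ca.crt" "$d/partner_ca.pem"
  new_ca_signed "$d" node1
  new_ca_signed "$d" node2                        # recreated under the same CA
  echo "ca-signed original=$(trusts "$d/partner_ca.pem" "$d/node1.crt")"
  echo "ca-signed recreated=$(trusts "$d/partner_ca.pem" "$d/node2.crt")"
  rm -rf "$d"
}

demo
```

The recreated self-signed certificate is rejected until the partner's trust file is replaced, while the recreated CA-signed certificate verifies against the unchanged CA certificate.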