Self-Signed and CA-Signed Certificates

Deciding which type of certificate to use for secure communications sessions, and how to generate it, is challenging. Self-signed certificates and digital certificates issued by certificate authorities (CAs) each have advantages and disadvantages. You may also be required to use both types of certificates, depending on the security requirements of your trading partners. The following table compares the advantages and disadvantages of self-signed and CA-signed certificates:

| Type of Certificate | Advantages | Disadvantages |
| --- | --- | --- |
| Self-signed certificate | No cost | Requires you to distribute your certificate, minus the private key, to each trading partner in a secure manner |
| | Easy to generate | Difficult to maintain; any time the certificate is changed, it must be distributed to all clients |
| | Self-validated | Not validated by a third-party entity |
| | Efficient for a small number of trading partners | Inefficient for a large number of trading partners |
| CA-signed certificate | Eliminates having to send your certificate to each trading partner | Trading partners must download the digital CA-signed certificate used to verify the digital signature of trading partner public keys |
| | No changes are required on the trading partner's system if you recreate the CA digitally signed certificate using the same CA | Must be purchased from a third-party vendor |
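
The maintenance rows of the table can be checked with OpenSSL. The script below is an added example, not part of the original page: it recreates each certificate type and validates the old and new versions against what a trading partner would already hold. The names partner.example and Example Test CA, the file names, and the locally generated stand-in CA are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: all names and files are constructed; the "CA" is a local
# stand-in for a third-party CA, used only to show the trust relationship.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed: the certificate is signed with its own private key.
new_self_signed() {   # $1 = output basename
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=partner.example" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# CA-signed: a certificate request signed with the CA's private key.
new_ca_signed() {     # $1 = output basename
    openssl req -newkey rsa:2048 -nodes -subj "/CN=partner.example" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 30 -out "$WORK/$1.crt" 2>/dev/null
}

# The trading partner's check: validate a certificate against its trust file.
partner_verdict() {   # $1 = trust file, $2 = certificate
    if openssl verify -CAfile "$WORK/$1" "$WORK/$2" >/dev/null 2>&1
    then echo accept; else echo reject; fi
}

setup() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    new_self_signed self_v1; new_self_signed self_v2   # v2 = recreated certificate
    new_ca_signed ca_v1;     new_ca_signed ca_v2       # v2 = reissued by the same CA
    # Trust files the partner received once: the self-signed certificate
    # itself (no private key) versus the CA certificate.
    cp "$WORK/self_v1.crt" "$WORK/trust_self.pem"
    cp "$WORK/ca.crt"      "$WORK/trust_ca.pem"
}

setup
echo "self-signed, original : $(partner_verdict trust_self.pem self_v1.crt)"
echo "self-signed, recreated: $(partner_verdict trust_self.pem self_v2.crt)"
echo "CA-signed, original   : $(partner_verdict trust_ca.pem ca_v1.crt)"
echo "CA-signed, reissued   : $(partner_verdict trust_ca.pem ca_v2.crt)"
```

The recreated self-signed certificate is rejected until the new file is redistributed to the partner, while the reissued CA-signed certificate validates against the CA certificate the partner already has.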