Internal Certificate Authority Definition & Meaning
An internal certificate authority is an organization that generates its own digital certificates instead of paying a certificate authority (CA) to create them. Digital certificates and CAs are crucial components of public key infrastructure (PKI). Organizations typically buy transport layer security (TLS) or secure sockets layer (SSL) certificates from CAs to improve security on their websites and to build trust with site visitors and customers.
Digital certificates provide third-party endorsement from a reputable organization for the legitimate identity of websites. You can think of them as digital passports.
For example, when you visit a website that uses SSL, that certificate tells you that the website is who it says it is and that any communication between you and that website will be encrypted. This is true for both publicly accessible websites and for private web servers and virtual private networks (VPNs) that only the people belonging to a certain organization can access.
Pros and cons of internal certificate authority
An organization may choose to issue its own digital certificates for a number of reasons, but it’s important to weigh the pros and cons when deciding whether or not to do so.
The most frequently cited advantage of issuing your own certificates is cost savings. A digital certificate from a reputable CA can cost upwards of $400 per year. Organizations that effectively become their own CA should only do so if they can save money by doing it. Some people mistakenly believe that issuing your own digital certificates is free, but this isn’t necessarily true.
Issuing your own digital certificates requires your own server, storage space, and IT resources. Unless you intend to develop your own certificate-issuing software, you may also have to pay for a certificate-generating software system, though some open source options exist.
Some organizations may choose to issue their own digital certificates in the interest of tighter security. Certificate authorities are logical targets for hackers, and in the wake of the 2011 DigiNotar cyber attack, some organizations felt uneasy about the security of CAs. However, most CAs today follow rigorous security protocols that make unauthorized access very difficult.
While no organization is completely impervious to being hacked, purchasing digital certificates from a reputable CA may be more secure than issuing them yourself. Unless you have the appropriate IT staff and physical protections in place at your organization, a determined hacker could breach your system and issue fake digital certificates for a man-in-the-middle attack.
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top... Read More »Huge List of Computer Certifications
Have you heard about a computer certification program but can't figure out if it's right for you? Use this handy list to help you decide. Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »