Internal Certificate Authority

An internal certificate authority is an organization that generates its own digital certificates instead of paying a certificate authority (CA) to create them. Digital certificates and CAs are crucial components of public key infrastructure (PKI). Organizations typically buy transport layer security (TLS) or secure sockets layer (SSL) certificates from CAs to improve security on their websites and to build trust with site visitors and customers.

Digital certificates provide third-party endorsement from a reputable organization for the legitimate identity of websites. You can think of them as digital passports.

For example, when you visit a website that uses SSL, that certificate tells you that the website is who it says it is and that any communication between you and that website will be encrypted. This is true for both publicly accessible websites and for private web servers and virtual private networks (VPNs) that only the people belonging to a certain organization can access.

Pros and cons of internal certificate authority

An organization may choose to issue its own digital certificates for a number of reasons, but it’s important to weigh the pros and cons when deciding whether or not to do so.

Cost savings

The most frequently cited advantage of issuing your own certificates is cost savings. A digital certificate from a reputable CA can cost upwards of $400 per year. Organizations that effectively become their own CA should only do so if they can save money by doing it. Some people mistakenly believe that issuing your own digital certificates is free, but this isn’t necessarily true.

Issuing your own digital certificates requires your own server, storage space, and IT resources. Unless you intend to develop your own certificate-issuing software, you may also have to pay for a certificate-generating software system, though some open source options exist.

Security concerns

Some organizations may choose to issue their own digital certificates in the interest of tighter security. Certificate authorities are logical targets for hackers, and in the wake of the 2011 DigiNotar cyber attack, some organizations felt uneasy about the security of CAs. However, most CAs today follow rigorous security protocols that make unauthorized access very difficult.

While no organization is completely impervious to being hacked, purchasing digital certificates from a reputable CA may be more secure than issuing them yourself. Unless you have the appropriate IT staff and physical protections in place at your organization, a determined hacker could breach your system and issue fake digital certificates for a man-in-the-middle attack.

Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.

Top Articles

The Complete List of 1500+ Common Text Abbreviations & Acronyms

Text Abbreviations reviewed by Web Webster   From A3 to ZZZ we list 1,559 SMS, online chat, and text abbreviations to help you translate and understand...

Windows Operating System History & Versions

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

Generations of Computers (1st to 5th)

Reviewed by Web Webster Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...

Direct Marketing

Direct marketing is a strategy for selling products and services directly...

Compact Disc

A compact disc (CD) is a polycarbonate disc measuring 120 mm in diameter...

LED

A light emitting diode (LED) is an electronic component that emits (gives off)...