Internal Certificate Authority

An internal certificate authority is an organization that generates its own digital certificates instead of paying a certificate authority (CA) to create them. Digital certificates and CAs are crucial components of public key infrastructure (PKI). Organizations typically buy transport layer security (TLS) or secure sockets layer (SSL) certificates from CAs to improve security on their websites and to build trust with site visitors and customers.

Digital certificates provide third-party endorsement from a reputable organization for the legitimate identity of websites. You can think of them as digital passports.

For example, when you visit a website that uses SSL, that certificate tells you that the website is who it says it is and that any communication between you and that website will be encrypted. This is true for both publicly accessible websites and for private web servers and virtual private networks (VPNs) that only the people belonging to a certain organization can access.

Pros and cons of internal certificate authority

An organization may choose to issue its own digital certificates for a number of reasons, but it’s important to weigh the pros and cons when deciding whether or not to do so.

Cost savings

The most frequently cited advantage of issuing your own certificates is cost savings. A digital certificate from a reputable CA can cost upwards of $400 per year. Organizations that effectively become their own CA should only do so if they can save money by doing it. Some people mistakenly believe that issuing your own digital certificates is free, but this isn’t necessarily true.

Issuing your own digital certificates requires your own server, storage space, and IT resources. Unless you intend to develop your own certificate-issuing software, you may also have to pay for a certificate-generating software system, though some open source options exist.

Security concerns

Some organizations may choose to issue their own digital certificates in the interest of tighter security. Certificate authorities are logical targets for hackers, and in the wake of the 2011 DigiNotar cyber attack, some organizations felt uneasy about the security of CAs. However, most CAs today follow rigorous security protocols that make unauthorized access very difficult.

While no organization is completely impervious to being hacked, purchasing digital certificates from a reputable CA may be more secure than issuing them yourself. Unless you have the appropriate IT staff and physical protections in place at your organization, a determined hacker could breach your system and issue fake digital certificates for a man-in-the-middle attack.

Webopedia Staff
Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.

Related Articles

Human Resources Management System

A Human Resources Management System (HRMS) is a software application that supports many functions of a company's Human Resources department, including benefits administration, payroll,...

How To Defend Yourself Against Identity Theft

Almost every worldwide government agency responsible for identity theft issues will tell you the same thing: The first step to fighting identity theft is...

Infographic

An infographic is a visual representation of information or data. It combines the words information and graphic and includes a collection of imagery, charts,...

Phishing

What is phishing? Phishing is a type of cybercrime in which victims are contacted by email, telephone, or text message by an attacker posing as...

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...