Internal Certificate Authority

An internal certificate authority is an organization that generates its own digital certificates instead of paying a certificate authority (CA) to create them. Digital certificates and CAs are crucial components of public key infrastructure (PKI). Organizations typically buy Transport Layer Security (TLS) or Secure Sockets Layer (SSL) certificates from CAs to improve security on their websites and to build trust with site visitors and customers.

Digital certificates provide third-party endorsement from a reputable organization for the legitimate identity of websites. You can think of them as digital passports.

For example, when you visit a website that uses SSL, its certificate tells you that the website is who it says it is and that any communication between you and that website will be encrypted. This is true both for publicly accessible websites and for private web servers and virtual private networks (VPNs) that only the people belonging to a certain organization can access.

Pros and cons of internal certificate authority

An organization may choose to issue its own digital certificates for a number of reasons, but it’s important to weigh the pros and cons when deciding whether or not to do so.

Cost savings

The most frequently cited advantage of issuing your own certificates is cost savings. A digital certificate from a reputable CA can cost upwards of $400 per year. An organization should become its own CA only if doing so actually saves money. Some people mistakenly believe that issuing your own digital certificates is free, but this isn’t necessarily true.

Issuing your own digital certificates requires your own server, storage space, and IT resources. Unless you intend to develop your own certificate-issuing software, you may also have to pay for a certificate-generating software system, though some open source options exist.

Security concerns

Some organizations may choose to issue their own digital certificates in the interest of tighter security. Certificate authorities are logical targets for hackers, and in the wake of the 2011 DigiNotar cyber attack, some organizations felt uneasy about the security of CAs. However, most CAs today follow rigorous security protocols that make unauthorized access very difficult.

While no organization is completely impervious to being hacked, purchasing digital certificates from a reputable CA may be more secure than issuing them yourself. Unless you have the appropriate IT staff and physical protections in place at your organization, a determined hacker could breach your system and issue fake digital certificates for a man-in-the-middle attack.
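One way to catch the fake-certificate scenario described above is to reconcile certificates seen on the network against the internal CA's own issuance log. The sketch below is an added example, not part of the original article; the issuer name, hostnames, serials and fingerprints are all constructed, and it matches on issuer name only, assuming signature validation happens elsewhere.

```python
import hashlib
from dataclasses import dataclass

INTERNAL_CA = "CN=Example Corp Internal CA"  # hypothetical issuer name

@dataclass(frozen=True)
class Cert:
    serial: str       # hex, in any common formatting
    subject: str
    issuer: str
    fingerprint: str  # SHA-256 of the DER certificate, hex

def fp(label):
    # Stand-in for hashing real DER bytes; all sample data is constructed.
    return hashlib.sha256(label.encode()).hexdigest()

def norm_serial(serial):
    # "00:A1:0F" and "a10f" denote the same serial number.
    return serial.replace(":", "").lower().lstrip("0") or "0"

def reconcile(issued, observed, ca_name=INTERNAL_CA):
    """Flag observed certs that name our CA as issuer but that the CA never logged."""
    log = {norm_serial(c.serial): c for c in issued}
    findings = []
    for cert in observed:
        if cert.issuer != ca_name:
            continue  # issued under another CA's name; out of scope here
        record = log.get(norm_serial(cert.serial))
        if record is None:
            findings.append((cert.subject, "serial not in issuance log"))
        elif record.fingerprint != cert.fingerprint.lower():
            findings.append((cert.subject, "serial matches but certificate differs"))
    return findings

# Constructed issuance log exported from the internal CA.
ISSUED = [
    Cert("a10f", "CN=intranet.corp.example", INTERNAL_CA, fp("intranet-v1")),
    Cert("a110", "CN=mail.corp.example", INTERNAL_CA, fp("mail-v1")),
]
# Constructed certificates collected from internal TLS endpoints.
OBSERVED = [
    Cert("00:A1:10", "CN=mail.corp.example", INTERNAL_CA, fp("mail-v1")),
    Cert("BEEF", "CN=vpn.corp.example", INTERNAL_CA, fp("vpn-unknown")),
    Cert("a10f", "CN=intranet.corp.example", INTERNAL_CA, fp("intranet-other")),
    Cert("01", "CN=www.example.org", "CN=Some Public CA", fp("public")),
]

if __name__ == "__main__":
    for subject, reason in reconcile(ISSUED, OBSERVED):
        print(f"ALERT {subject}: {reason}")
```

A certificate that carries the internal CA's name but has no matching issuance record means either the log is incomplete or the signing key was used outside the normal process; both warrant investigation.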

Webopedia Staff