Advantages internal Certificate Authority (CA)
• Simplified and ease of management is the main advantage of using internal Certificate Authority (CA). There is no need to depend an external entity for certificates.
• In a Microsoft Windows environment, internal Certificate Authority (CA) can be integrated in Active Directory. This further simplifies the management of the CA structure.
• There is no cost per certificate wen you are using an internal Certificate Authority (CA).
• Internal Certificate Authorities (CAs) are cheaper to configure, and expand the Public Key Infrastructure (PKI).
• The auto-enrollment feature of Windows Server 2003 further simplifies the certificate issuing process.
Disadvantages of internal Certificate Authority (CA)
• Implementing internal Certificate Authority (CA) is more complicated than using external Certificate Authority (CA).
• The security and accountability of Public Key Infrastructure (PKI) is completely on the organization's shoulder.
• External parties normally will not trust a digital certificate signed by an internal Certification Authority (CA).
• The certificate management overhead of internal Certification Authority (CA) is higher than that of external Certification Authority (CA).
Advantages of external Certificate Authority (CA)
• The external CA responsible for the security and accountability of Public Key Infrastructure.
• External parties normally trust a digital certificate signed by a trusted external CA, such as VeriSign, Thwate, Comodo, SecureNet etc.
• The certificate management overhead of external Certification Authority (CA) is lower than that of internal Certification Authority (CA).
Disadvantages of external Certification Authority (CA)
• Integration between an external Certification Authority (CA) and the infrastructure of the organization is limited.
• Your organization need to pay per certificate when you are using the services of an external Certification Authority (CA).
• Less flexibility when configuring, expanding and managing certificates.
