Comparison between Internal and External Certificate Authorities (CAs), Internal CA Vs External CA

Advantages of internal Certificate Authority (CA)

• Simpler, easier management is the main advantage of using an internal Certificate Authority (CA). There is no need to depend on an external entity for certificates.

• In a Microsoft Windows environment, an internal Certificate Authority (CA) can be integrated with Active Directory. This further simplifies the management of the CA structure.

• There is no cost per certificate when you are using an internal Certificate Authority (CA).

• With an internal Certificate Authority (CA), it is cheaper to configure and expand the Public Key Infrastructure (PKI).

• The auto-enrollment feature of Windows Server 2003 further simplifies the certificate issuing process.

Disadvantages of internal Certificate Authority (CA)

• Implementing an internal Certificate Authority (CA) is more complicated than using an external Certificate Authority (CA).

• The security and accountability of the Public Key Infrastructure (PKI) rest entirely on the organization's shoulders.

• External parties normally will not trust a digital certificate signed by an internal Certification Authority (CA).

• The certificate management overhead of internal Certification Authority (CA) is higher than that of external Certification Authority (CA).

Advantages of external Certificate Authority (CA)

• The external CA is responsible for the security and accountability of the Public Key Infrastructure.

• External parties normally trust a digital certificate signed by a trusted external CA, such as VeriSign, Thawte, Comodo, SecureNet, etc.

• The certificate management overhead of external Certification Authority (CA) is lower than that of internal Certification Authority (CA).

Disadvantages of external Certification Authority (CA)

• Integration between an external Certification Authority (CA) and the infrastructure of the organization is limited.

• Your organization needs to pay per certificate when you are using the services of an external Certification Authority (CA).

• There is less flexibility when configuring, expanding and managing certificates.
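
The trust points made above for internal and external CAs come down to which root certificates a verifier already holds. The following added example, which is not part of the original page, shows this with the openssl CLI; the CA and host names are constructed, and "Public Root CA" only stands in for the roots an external party would have in its trust store.

```bash
#!/bin/sh
# Added example; every CA and host name below is constructed.

# make_root DIR NAME CN: create a self-signed root CA key and certificate.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_leaf DIR CA NAME CN: generate a key and CSR, then sign it with CA.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 7 -out "$1/$3.pem" 2>/dev/null
}

# trusts STORE CERT: succeeds only if CERT chains to a root in STORE.
trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d) || return 1
  make_root "$dir" internal "Corp Internal Root CA" &&
  make_root "$dir" public "Public Root CA" &&
  issue_leaf "$dir" internal app "app.corp.example" || return 1

  # Internal client: the organization distributed its root to this machine.
  if trusts "$dir/internal.pem" "$dir/app.pem"; then
    echo "internal client: trusted"
  else
    echo "internal client: NOT trusted"
  fi
  # External party: its store holds only public roots, not the internal one.
  if trusts "$dir/public.pem" "$dir/app.pem"; then
    echo "external party: trusted"
  else
    echo "external party: NOT trusted"
  fi
  rm -rf "$dir"
}

demo
```

The same certificate is accepted by the verifier that holds the internal root and rejected by the one that does not, which is why an internal CA works inside the organization but not for external parties.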

