...

  • Self-issued Certificates are created individually per user and are deployed from individual certificate files to Controllers and Agents.
    • There is no security gap in the use of self-issued Certificates: when users store certificate files on Controllers and Agents, this proves that they trust the certificates.
  • Private CA-signed Certificates are issued by users who operate their own Private Certificate Authority (CA). Individual Signing Certificates on behalf of users are not deployed to Controllers and Agents. Instead, the CA Certificate that was used to sign the individual Signing Certificates is deployed.
    • With this approach, any Signing Certificate signed by the CA is accepted for deployment of scheduling objects.
    • For better control over which certificates are made available for deployment, users might decide to use a specific Private CA.
  • Public CA-signed Certificates are issued by a trusted Certificate Authority (CA) that validates the domain owner. Such certificates are not created by users but are purchased from the trusted CA and are therefore not considered in the scope of this article.

There is no difference between using a Private CA and a Public CA concerning the functionality of X.509 certificates, their usage for signing, or the security of certificates. The only difference is that users trust the Private CA that they set up on their own.
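
The effect of deploying only a CA Certificate can be reproduced with OpenSSL. The following is an added example, not part of the original article or the product's own tooling; the CA and user names are constructed. It shows that a trust anchor holding one CA Certificate accepts every Signing Certificate that CA signed and rejects one signed by a different Private CA.

```shell
# Added example: all names (team-ca, other-ca, alice, bob, carol) are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so that the CA Certificates carry CA:TRUE.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF

# make_ca PREFIX CN: create a Private CA key and its self-signed CA Certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/ca.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue CA_PREFIX USER: create a key and CSR for USER, then sign it with the CA.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.crt" 2>/dev/null
}

# accepted_by CA_PREFIX USER: succeeds if USER's Signing Certificate chains to
# the CA Certificate, which is the only certificate deployed in this approach.
accepted_by() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" 2>/dev/null | grep -q ': OK'
}

make_ca team-ca  "Team Signing CA"
make_ca other-ca "Other Signing CA"
issue team-ca  alice
issue team-ca  bob
issue other-ca carol

for user in alice bob carol; do
  if accepted_by team-ca "$user"; then echo "$user: accepted"
  else echo "$user: rejected"; fi
done
```

Neither alice's nor bob's certificate file is part of the trust anchor, yet both are accepted; limiting who can deploy therefore means limiting who the deployed CA signs for.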

...