Certificates

Three different types of certificates, Self-Signed Certificates, Certificates signed by a Self-Signed

Certificate Authority and Certificates signed by a Public Certificate Authority within the scope of LDAP.

SSL Certificate
SSL certificates are the files that been installed in the web server, and it is designed for protect the
connection between web server and client/ visitor. An SSL certificate is a type of digital certificate, it
provide a secure link between website and visitor’s browser, it is using the SSL technology to secure
all the data passed between the two will be private and secure. SSL technology is like Encryption, it is
the process to prevent hacker to access to sensitive information, like customer’s credit card and
personal information, it is ideal for every web server to install SSL certificate.

Types of SSL Certificates

Single domain (Validation levels: DV, OV and EV)

A "single domain" certificate allows to secure one domain name. If you only have a website without
subdomains containing input forms, this type of certificate is adequate

Wildcard: unlimited subdomains (Validation levels: DV and OV)

A Wildcard certificate allows to secure a domain name and all its subdomains. If your website
contains forms on several of your subdomains, this type of certificate allows you to secure your entire
website.

Multi-domains: multiple domain names (Validation levels: DV, OV and EV)

Multi-domain certificates or Server Alternative Name (SAN) are used to secure multiple domain
names. If you have different websites this is the simplest option as you use only one certificate.

EV: Certificates with Extended Validation

This type of certificate has the highest validation level as it requires a complete organization
verification as well as other documents such as address, phone number, etc.
It allows the display of the company name in the green bar of the URL, which enhances the user's
sense of security. Certificates with extended validation are perceived as the benchmark for safety.
They are often used by worldwide site wishing to offer the best protection for their customers but also
certify their identity to the highest level of recognition.

OV: validation of the organization

OV certificates require the legal existence of the applicant as owner of the site. They may take several
days to be issued due to the documents required. This type of certificate connects the domain name
to the company that owns it, the user can therefore verify that the site is the company one.

DV: domain validation

DV certificates are the fastest to install. To get one you only have to prove that you are the domain
name owner through a verification email. It is the most widespread certificate as it is the fastest and
most economical to install.

What is a Self-Signed Certificates?

Normally to apply certificate for an SSL server, we need to use the certificate that issued by Certificate
Authority. Self-Signed Certificate is the certificate that is signed by the server owner it self, technically
Self-Signed Certificates is the certificate sign with own private key, it haven’t been prove or trust by
any identity of person or organization, anyone can create an Self-Signed Certificates to install in the
web server. Self-Signed Certificates normally been installed to web server like an Intranet,
development server or some personal websites with few visitors.
Advantages:
Installing Self-Signed Certificates to web server is reducing the cost of certificate. To purchased an
Certificate from a trusted authority, normally it will cost $1500, which is quite expensive for the new
website or startup developer, so Self-Signed Certificates provides a cheaper alternative option. Self-
Signed Certificates can be easily created by any developer, even though if you are new to the SSL,
you can get it though free Self-Signed Certificates creator website, it will only takes few minutes to
download and be install to the web server. Also for developer, intranet and personal website, it is
unlikely to attack by someone else, especially like intranet there is virtually no chance for outsider to
attack, so using Self-Signed Certificates is great option under these situation.
Disadvantage:
When Certificates has been installed to web server, it is used for protecting the information transfer
between the visitor and website. Self-Signed Certificates will cause problem like attacker can access
to all the data between the two by hijacking. For business website, Self-Signed Certificates cannot
protect sensitive information like customer credit card and personal detail when they sent it to the
website, it will reduce the the business chance for the company. Secondly when visitor accessing
Self-Signed Certificates website, normally the browser will notify the visitor to abort browsing the page
for security reasons, and it will make the visitor feel unsafe for this website. If using Self-Signed
Certificates on internal sites, there is also risk that it will encourage dangerous public browsing
behavior, leaving the internal sites for vulnerable to malware and other threats.

What is Certificates signed by a Self-Signed Certificate Authority

When website request an Certificate for a Certificate Authority, it will send a Certificate Signing
Request to the Certificate Authority, the Certificate Authority will return a certificate that signed by
them and using their root certificate and private key, then all visitor will have a copy of Certificate
Authority root certificate, so the browser can verify the website is signed by a trusted Certificate
Authority. And that’s the reason that browser can’t verify Self-Signed Certificate, because it doesn’t
have the root certificate and private key.

Self-Signed Certificate Authority is a good options if you have multiple certificates to use and it can be
manually install to your Self-Signed Certificate. Different to Self-Signed Certificate, Certificates signed
by a Self-Signed Certificate Authority will be trusted by the browser, because we can installing the
Certificate Authority into the certificate manually, and it only have to install the Certificate Authority for
once, all certificates issued from that Certificate Authority will then inherit that trust. To install
Certificate Authority is also pretty simple, it takes the command from OpenSSL library, and it is
designed easier to create a CA and then issue, renew, and revoke certificates.

Certificates signed by a Public Certificate Authority

What is Certificates signed by a Public Certificate Authority
Certificate Authority is the organization that provides trusted certificate for websites. As we mentioned
a bit of Certificate Authority before, A certificate authority is a trusted entity that manages and issues
security certificates and public keys that are used for secure communication in a public network.
Different to Self-Signed Certificate, Certificate Authority provides root certificate and private key that
can be trusted by the public, it is ideal for business or larger website that allow public to access.