How can we help?

The latest application delivery knowledge and expertise at your fingertips.

Difference between a self-signed certificate and a CA-signed certificate

An SSL certificate is required for all SSL transactions, and as such is required for all SSL-enabled Virtual Services. With the LoadMaster, there are two types of SSL certificates:

  • Self-signed certificates generated by the LoadMaster itself
  • Certificates that are signed by a CA (Certificate Authority) such as Verisign or Thawte

When an SSL-enabled Virtual Service is configured on the LoadMaster, a self-signed certificate is installed automatically.

Generally, self-signed certificates should not be used for public-facing production websites. 

They may be acceptable for use in some other scenarios, such as:

  • Intranet sites
  • Quality Analysis (QA) sites, where web sites are tested but not presented to the general public


Certificate Basics

Both self-signed and CA signed certificates provide encryption for data in motion. A CA-signed certificate also provides authentication - a level of assurance that the site is what it reports to be, and not an impostor website. 


Operational Differences

The primary operational difference between a self-signed certificate and a CA certificate is that with self-signed, a browser will generally give some type of error, warning that the certificate is not issued by a CA. An example of the self-signed certificate error is shown in the screenshot above.

This is the same warning message you receive when connecting to the LoadMaster Web User Interface (WUI), as the WUI uses a self-signed certificate. Generally, this warning should occur only once per browsing session.