Difference between a self-signed certificate and a CA-signed certificate
An SSL certificate is required for all SSL transactions, and as such is required for all SSL-enabled Virtual Services. With the LoadMaster, there are two types of SSL certificates:
- Self-signed certificates generated by the LoadMaster itself
- Certificates that are signed by a CA (Certificate Authority) such as Verisign or Thawte
When an SSL-enabled Virtual Service is configured on the LoadMaster, a self-signed certificate is installed automatically.
Generally, self-signed certificates should not be used for public-facing production websites.
They may be acceptable for use in some other scenarios, such as:
- Intranet sites
- Quality Analysis (QA) sites, where websites are tested but not presented to the general public
Both self-signed and CA-signed certificates provide encryption for data in motion. A CA-signed certificate also provides authentication: a level of assurance that the site is what it reports to be, and not an impostor website.
The primary operational difference between a self-signed certificate and a CA-signed certificate is that, with a self-signed certificate, a browser will generally display an error or warning that the certificate was not issued by a CA. An example of the self-signed certificate error is shown in the screenshot above.
This is the same warning message you receive when connecting to the LoadMaster Web User Interface (WUI), as the WUI uses a self-signed certificate. Generally, this warning should occur only once per browsing session.
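The difference described above can be reproduced with the OpenSSL command line. This is an added example, not LoadMaster code: it creates one self-signed and one CA-signed certificate, then checks each as a client that trusts only the signing CA would. The "Demo Root CA" and `example.test` names, the file names and the function names are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not LoadMaster code. Every name below (Demo Root CA,
# *.example.test) is constructed; keys are throwaway and expire in 1 day.
set -eu

make_demo_certs() {            # $1 = output directory
  local d=$1
  # Self-signed: the site's own key signs the cert, so issuer == subject.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=qa.example.test" \
    -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
  # Demo CA: a root the client has explicitly chosen to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # CA-signed: the site submits a CSR and the CA key signs it.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null
  openssl x509 -req -in "$d/site.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/site.pem" 2>/dev/null
}

chains_to() {                  # $1 = cert, $2 = file of trusted roots
  openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
}

is_self_signed() {             # $1 = cert
  # Same name for subject and issuer, and the signature checks out
  # against the cert's own public key.
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ] && chains_to "$1" "$1"
}

report() {                     # $1 = directory from make_demo_certs
  local c kind trust
  for c in self site; do
    if is_self_signed "$1/$c.pem"; then kind=self-signed; else kind=CA-signed; fi
    if chains_to "$1/$c.pem" "$1/ca.pem"; then trust=trusted; else trust=WARNING; fi
    echo "$c.pem: $kind, client that trusts only the demo CA: $trust"
  done
}

tmp=$(mktemp -d)
make_demo_certs "$tmp"
report "$tmp"
rm -rf "$tmp"
```

Both certificates carry a usable key pair for encryption; only the one that chains to a root the client already trusts passes verification, which is the condition a browser checks before showing its warning.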