Browse Definitions :
Definition

private certificate authority (CA)

A private CA is an enterprise-specific certificate authority (CA) that functions like a publicly trusted CA but is exclusively run by -- or for -- the enterprise. With a private CA, an enterprise creates its own private root certificate which can issue private end-entity certificates for internal servers and users.  Certificates issued by a private CA are not publicly trusted and should not be used outside of the enterprise's trusted members and infrastructure.  

A certificate authority ultimately vouches for the identity of every machine, user or code process in the infrastructure. Without this kind of strong identity, attacks are possible whereby man-in-the-middle software programs steal information or issue false commands, potentially resulting in data loss, security breaches, theft of funds or other problems.  In the case of public trust mechanisms -- such as certificates used to secure web traffic, email and distributed code -- issued certificates follow a cryptographic "chain" up to public CAs.  In the case of a private CA, the enterprise sets itself up as the ultimate source of truth on which devices, users or processes are trusted inside the network.

In the past, enterprises commonly used the Microsoft CA tool for Windows machines or anything in the Microsoft technology stack. Microsoft CA was free and integrated with Active Directory, so it was well suited to much of this use. In recent years, however, trends like mobile device support (including BYOD), internet of things (IoT), cloud computing and DevOps have forced the use of non-Microsoft operating systems at large scale for business-critical applications. These architectures have required the adoption of other private CA offerings, including aftermarket private CA applications from IT security vendors.

Common uses of private CAs include:

  • Intranet sites
  • VPN or wireless authentication
  • Device identification
  • Internet of Things (IoT) projects
  • Secure communications between internal services
  • Interoperable communications between third parties including containerized or API-connected cloud environments.

Why are private CAs important?

The need for certificate-controlled identity inside the enterprise is vast.  Many of the use cases are inappropriate for common publicly trusted certificates, so enterprises must issue certificates from their own trust structure for these circumstances. Failure to implement strong identity practice for internal systems poses an unacceptable risk for data theft or other catastrophic breaches.

A commercial private CA offering can help an enterprise reduce risk and aid compliance by following the best practices of public key infrastructure (PKI), cryptography and IT security -- including tracking and automating the renewal of deployed certificates.  It can reduce time to market and increase business agility by allowing network administrators to manage certificates and practices rather than creating their own PKI from scratch.  And it can free up employee time for other tasks by automating the majority of the administrative tasks for internal certificates.

What else should the reader know about private CAs?

Many of the architectures driving the increased use of certificates are still in their early days.  Containers, multi-cloud, IoT and other contemporary computing architectures are driving up the number of certificates required by orders of magnitude, which in many cases reduce the lifespan of the average certificate accordingly.  In these architectures, automation is a requirement for certificate deployment and management.

This was last updated in July 2019

Continue Reading About private certificate authority (CA)

Networking
  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • private 5G

    Private 5G is a wireless network technology that delivers 5G cellular connectivity for private network use cases.

  • NFVi (network functions virtualization infrastructure)

    NFVi (network functions virtualization infrastructure) encompasses all of the networking hardware and software needed to support ...

Security
  • virus (computer virus)

    A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an ...

  • Certified Information Security Manager (CISM)

    Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the ...

  • cryptography

    Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is...

CIO
  • B2B (business to business)

    B2B (business-to-business) is a type of commerce involving the exchange of products, services or information between businesses, ...

  • return on investment (ROI)

    Return on investment (ROI) is a crucial financial metric investors and businesses use to evaluate an investment's efficiency or ...

  • big data as a service (BDaaS)

    Big data as a service (BDaS) is the delivery of data platforms and tools by a cloud provider to help organizations process, ...

HRSoftware
  • talent acquisition

    Talent acquisition is the strategic process an organization uses to identify, recruit and hire the people it needs to achieve its...

  • human capital management (HCM)

    Human capital management (HCM) is a comprehensive set of practices and tools used for recruiting, managing and developing ...

  • Betterworks

    Betterworks is performance management software that helps workforces and organizations to improve manager effectiveness and ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

Close