Deciding Between Public and Private Certification Authorities

There are two “flavors” of certification hierarchies that you can use. I’ll refer to them as private and public PKI hierarchies. Just as in most decisions, there are benefits and drawbacks to each. I’ll briefly discuss these flavors here and show how they will help or hinder you in reaching your goals for your PKI. Later in the chapter, I’ll provide more in-depth examinations of each that specifically address the deployment and integration methods for those flavors.

Before we begin, it is helpful to know that the two flavors of PKI—private and public—are not completely isolated. It is possible to integrate a private PKI with other users or organizations, even organizations outside your own company. There are ways to build explicit trusts between organizations, no matter what flavor of PKI is used. These methods are simply more complex than using one flavor or the other on its own.

Public Certification Authorities

The criteria for selecting a public certificate authority will vary depending on numerous factors. Some of these factors will help you decide whether to use a public or private CA. Others may help you decide between the many public CAs available if you choose that type of solution.

Cost

Often the driving factor in these decisions is the cost per certificate desired. This depends on many factors, but in general public certification authorities charge per issued certificate and per validity period. They may also charge for customized ...
