There are two types of certificates:
- A commercial CA verifies your company’s identity, vouching for your identity by providing you with a
certificate that the CA signs. A CA need not be commercial or third-party—a company can be its own CA.
Commercial certificates are purchased from a CA such as Symantec
(http://www.symantec.com/ssl-certificates), and are usually valid for one year.
- With a self-signed SSL certificate, you are verifying your own identity. The associated private key data is
encrypted using a password. A self-signed certificate can also be a wildcard certificate, allowing it to be
used by multiple servers which share the same IP address and certificate, but have different FQDNs.
Although this kind of certificate is secure, a self-signed certificate is not in the browser’s built-in list of
CAs, so the user is prompted to accept it before each connection. There are a few ways to avoid this:
  - Configure the Secure Mobile Access clients to use the certificate root file.
  - Add the self-signed certificate to the user’s list of Trusted Root Certificate Authorities in the Web browser.
  - Use a commercial CA, which is widely trusted by default.
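The following added example (not part of the original documentation) uses the OpenSSL command line to show why a self-signed certificate is rejected by default, how trusting it as a root changes the result, and which FQDNs a wildcard certificate covers. The name `*.sma.example.test` and the host names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. *.sma.example.test and the host names below are constructed
# placeholders, not values from the product documentation.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cert="$workdir/selfsigned.pem"
key="$workdir/selfsigned.key"

# Create a self-signed wildcard certificate valid for one year.
# -nodes leaves this throwaway key unencrypted; protect a real key with a passphrase.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=*.sma.example.test" \
    -addext "subjectAltName=DNS:*.sma.example.test" \
    -keyout "$key" -out "$cert" 2>/dev/null
}

# Succeeds only if the certificate validates against a trusted root.
# $1 (optional) = PEM file to treat as a trusted root.
is_trusted() {
  if [ -n "${1:-}" ]; then
    openssl verify -CAfile "$1" "$cert" 2>/dev/null | grep -q ': OK$'
  else
    openssl verify "$cert" 2>/dev/null | grep -q ': OK$'
  fi
}

# Succeeds if the certificate's names cover the FQDN in $1.
covers_host() {
  openssl x509 -in "$cert" -noout -checkhost "$1" | grep -q 'does match'
}

make_selfsigned || { echo "openssl req failed" >&2; exit 1; }
if is_trusted; then echo "default trust store: accepted"
else echo "default trust store: rejected (the prompt users see)"; fi
if is_trusted "$cert"; then echo "after importing as a root: accepted"; fi
for host in portal.sma.example.test sma.example.test a.b.sma.example.test; do
  if covers_host "$host"; then echo "$host: covered by the wildcard"
  else echo "$host: NOT covered"; fi
done
```

The `-addext` option requires OpenSSL 1.1.1 or later. The wildcard matches exactly one left-most label, so neither the bare parent domain nor a deeper subdomain is covered.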
When deciding which type of certificate to use for the servers, consider who will be connecting to the appliance
and how they will use resources on your network:
- If business partners are connecting to Web resources through the appliance, they will likely want some
assurance of your identity before performing a transaction or providing confidential information. In this
case, you would probably want to obtain a certificate from a commercial CA for the appliance.
- On the other hand, employees connecting to Web resources may trust a self-signed certificate. Even
then, you may want to obtain a third-party certificate so that users are not prompted to accept a
self-signed certificate each time they connect.
- To accommodate users who connect to the appliance from small form factor devices, configure the
appliance with a certificate from a leading CA (such as VeriSign), or import the root certificate from your
CA to your users’ small form factor devices.
When the appliance is configured with a certificate from a CA that is not well known or one
that is self-signed, small form factor device users may see an error message and be unable to log in. For
more information on small form factor devices, see WorkPlace and Small Form Factor Devices.