Differences between the CA certificate, local certificate, and self-signed certificate

1. Self-signed certificate
A self-signed certificate is called a root device. It is signed by the same entity whose identity it certifies.
When an applicant cannot apply for a local certificate from a CA, the applicant can use a self-signed certificate generated by the device to implement a simple certificate issuing function.
The device does not implement lifecycle management, such as certificate updates and certificate revocation, for the self-signed certificates generated by other devices.
2. CA certificate
.It is used to verify a CA's identity. If the PKI system does not have multiple CAs, the CA certificate is a self-signed certificate. If the PKI system has multiple CAs, a CA hierarchy is formed. At the top of the hierarchy is a root CA, which has a self-signed certificate.
An applicant determines whether to trust a CA by verifying the digital signature of the CA. Any applicant can obtain a CA certificate (including the public key) to verify the issued local certificate.
3. Local certificate
It is a certificate issued by the CA to an applicant.
4. Local certificate
A device certificate is issued by a PKI entity with a certificate authority (CA) signature. The issuer name of the certificate is the name of the CA server.
When an applicant cannot apply for a local certificate from a CA, the applicant can use a self-signed certificate generated by the device to implement a simple certificate issuing function.

Scroll to top