Product: TIBCO Spotfire®
Difference between using Self-signed vs CA-signed SSL certificate when configuring HTTPS on TIBCO Spotfire Server
When configuring the TIBCO Spotfire Server to use HTTPS, you must first obtain an SSL certificate. See the prerequisites of Configuring HTTPS here. An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. SSL Certificates can be either:
- Self Signed - A self-signed certificate is a certificate that is signed by itself rather than a trusted authority. These can be generated using IIS, Open SSL, or using the java keytool utility.
- CA signed - A CA-signed certificate has been authenticated by one of the trusted Certificate Authorities (CA) that are authorized to issue them. A CA-signed certificate also provides a level of assurance that the site is what it reports to be, and not an impostor website.
Both self-signed and CA signed certificates provide encryption for data in motion. The TIBCO Spotfire Server can be setup to run in SSL mode and either a self-signed or CA-signed certificate can be used, but it is advisable to be aware of the differences between using both the kinds of certificates.
1. When using a self-signed certificate, a browser will generally give some type of error or warning that the certificate is not issued by a CA, whereas CA-signed certificates will be automatically trusted on the browser:
2. With self-signed certificates, the private key is shared between the third party and end user while in CA-signed certificate the private key is kept with end user and not shared with anyone.
3. Self-signed certificates are usually meant for testing purposes and not in actual production environments. Doc: Configuring HTTPS