Secure Mobile Access 12.4 Administration Guide

Certificate Strategy

There are three types of certificates:

  • Let’s Encrypt, is a certificate authority that is public, free, API-driven, and trusted by browsers/clients.

  • A commercial CA verifies your company’s identity, vouching for your identity by providing you with a certificate that the CA signs. A CA need not be commercial or third-party—a company can be its own CA. Commercial certificates are purchased from a CA such as Symantec (http://www.symantec.com/ssl-certificates), and are usually valid for one year.
  • With a self-signed SSL certificate, you are verifying your own identity. The associated private key data is encrypted using a password. A self-signed certificate can also be a wildcard certificate, allowing it to be used by multiple servers which share the same IP address and certificate, but have different FQDNs.

When deciding which type of certificate to use for the servers, consider who will be connecting to the appliance and how they will use resources on your network. If business partners are connecting to Web resources through the appliance, they will likely want some assurance of your identity before performing a transaction or providing confidential information. In this case, you would probably want to obtain a certificate from a commercial CA for the appliance.

When the appliance is configured with a certificate from a CA that is not well known or one that is self-signed, small form factor device users may see an error message and be unable to log in. For more information on small form factor devices, see WorkPlace and Small Form Factor Devices.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden