
What is Internal PKI vs. Web PKI?

An internal PKI (Private PKI) is a security system used to issue and govern digital certificates that are only trusted within the organization’s network. This approach to digital trust is often used for internal use cases like authenticating employee devices to corporate applications and services or encrypting communications among servers not accessible from outside the network.

Unlike the Web PKI—designed for public-facing trust for the world wide web and operated by public certificate authorities—internal PKI is tailored to the specific policies, systems, and access controls of an enterprise or IoT device manufacturer. Strong use cases for internal PKI include secure authentication in a Zero Trust architecture or managing identities in DevOps environments. Organizations should avoid the unnecessary costs and operational complexity of using Web PKI for internal scenarios, including unintended certificate revocations due to CA/Browser Forum requirements that are irrelevant for internal systems.

Organizations using internal PKI must implement and maintain the necessary supporting systems to keep the PKI functioning properly. This can be complicated, costly, and time-consuming. Private certificates should be issued using an internal intermediate certificate authority (ICA), which itself is chained to an internal root certificate authority with an internal root certificate. These are complicated tasks to perform correctly for anyone who isn’t proficient in PKI, and the stakes are high. Home-grown internal security systems are usually poorly secured, frequently cause outages, and end up costing more than projected.
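The hierarchy described above (internal root CA, internal intermediate CA, private service certificate) can be reproduced end to end with the openssl command-line tool. The script below is an added example, not DigiCert's or the DigiCert ONE platform's code; it assumes an openssl CLI of version 1.1.1 or later, and every name in it (Example Corp, app.corp.internal, the Unrelated Public Root) is a constructed placeholder. It builds the three-tier chain, confirms the leaf was issued by the ICA rather than the root, verifies the chain against the internal root, and then shows that a relying party holding only an unrelated trust anchor (a stand-in for a public Web PKI trust store) rejects the same chain, which is exactly the scoping of trust that makes internal PKI internal.

```shell
#!/bin/sh
# Added example (not DigiCert's code): a minimal internal PKI built with openssl,
# showing internal root CA -> internal intermediate CA (ICA) -> private leaf
# certificate, and how trust in that chain is limited to the internal root.
# "Example Corp", app.corp.internal and "Unrelated Public Root" are constructed
# placeholders. Requires openssl 1.1.1+ (assumption).
set -eu

# Minimal req/x509 config so the script does not depend on the system openssl.cnf.
write_config() {
  cat > "$1/pki.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_root ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_ica ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[ v3_leaf ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:app.corp.internal
EOF
}

# Build root, ICA and leaf under directory $1.
build_internal_pki() {
  d="$1"
  write_config "$d"
  # 1. Internal root CA: self-signed, long-lived; in practice kept offline/in an HSM.
  openssl req -x509 -config "$d/pki.cnf" -extensions v3_root \
    -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -sha256 -days 3650 \
    -subj "/O=Example Corp/CN=Example Corp Internal Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  # 2. Internal intermediate CA (ICA): CSR signed by the root. pathlen:0 means
  #    it may issue end-entity certificates only, not further CAs.
  openssl req -new -config "$d/pki.cnf" \
    -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -sha256 \
    -subj "/O=Example Corp/CN=Example Corp Issuing CA 1" \
    -keyout "$d/ica.key" -out "$d/ica.csr" 2>/dev/null
  openssl x509 -req -sha256 -days 1825 -in "$d/ica.csr" \
    -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
    -extfile "$d/pki.cnf" -extensions v3_ica -out "$d/ica.crt" 2>/dev/null
  # 3. Private service certificate issued by the ICA, never by the root directly.
  openssl req -new -config "$d/pki.cnf" \
    -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -sha256 \
    -subj "/O=Example Corp/CN=app.corp.internal" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -sha256 -days 398 -in "$d/leaf.csr" \
    -CA "$d/ica.crt" -CAkey "$d/ica.key" -CAcreateserial \
    -extfile "$d/pki.cnf" -extensions v3_leaf -out "$d/leaf.crt" 2>/dev/null
}

# Print the leaf's issuer DN; it should name the ICA, not the root.
leaf_issuer() {
  openssl x509 -in "$1/leaf.crt" -noout -issuer
}

# A relying party that trusts the internal root accepts the leaf when the
# ICA is supplied as the untrusted intermediate (exit status 0 on success).
verify_with_internal_root() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/ica.crt" "$1/leaf.crt"
}

# A relying party whose only trust anchor is an unrelated root (stand-in for
# a public Web PKI trust store) must reject the chain. Returns 0 when it does.
rejected_by_unrelated_root() {
  openssl req -x509 -config "$1/pki.cnf" -extensions v3_root \
    -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -sha256 -days 365 \
    -subj "/CN=Unrelated Public Root" \
    -keyout "$1/other.key" -out "$1/other.crt" 2>/dev/null
  if openssl verify -CAfile "$1/other.crt" -untrusted "$1/ica.crt" "$1/leaf.crt" >/dev/null 2>&1; then
    return 1   # wrongly accepted
  fi
  return 0
}

PKI_DIR="$(mktemp -d)"
build_internal_pki "$PKI_DIR"
leaf_issuer "$PKI_DIR"
verify_with_internal_root "$PKI_DIR"
rejected_by_unrelated_root "$PKI_DIR" && echo "unrelated root rejects leaf: OK"
```

Two design points carry over to a production deployment: the root key signs only the ICA certificate (and revocation data) and is otherwise never online, and the ICA carries `pathlen:0` so a compromised issuing CA cannot mint further CAs. The final check is the practical definition of "internal": the chain is valid for any client provisioned with root.crt and invalid for everyone else.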

That’s why the DigiCert ONE platform includes PKI as a Service for enterprises and connected device manufacturers who need to ensure that their internal PKI is properly set up and functioning with the highest security assurance. DigiCert creates the root certificate and secures it at a level commensurate with public trust roots, while allowing the enterprise oversight of its intermediate CA: its properties, the types of certificates it can issue, the names on those certificates, and the policies that govern them.
