Concepts
SCM is a platform to centrally manage your Secure Sockets Layer (SSL) certificates. Working with trusted Certificate Authorities (CAs) around the world, SCM enables one-stop SSL certificate lifecycle management and helps you improve trust and secure data transmission for your websites.
Private Certificate Authority (PCA) is a private certificate and CA management platform. You can use CCM to set up a complete CA hierarchy and use it to issue and manage private certificates for your organization. It is used to authenticate application identities and encrypt and decrypt data within your organization.
Differences Between SCM and PCA
Table 1 describes the differences between SCM and PCA.
Table 1 Differences between SCM and PCA
|
Service Name |
Function |
Application Scenario |
Security Level |
Apply to Internal Network |
|
SSL Certificate Manager (SCM) |
After an SSL certificate is deployed on a server, HTTPS is enabled on the server. The server uses HTTPS to establish encrypted links to the client, ensuring data transmission security.
- Authenticate websites and ensure that data is sent to the correct clients and servers.
- Set up encrypted connections between clients and servers, preventing data from being stolen or tampered with during transmission.
|
- Authenticating websites
An SSL certificate validates the identity of a website on the Internet. If a website is not installed with an SSL certificate, the browser considers the website as insecure so that the website is hardly trusted by users and have few visitors. Visitors are more likely to explore a website secured with an SSL certificate because they believe the website is secure enough. Especially the websites that use OV or EV certificates, the CA validates the domain name ownership and enterprise identity before issuing a certificate, which effectively improves the website credibility.
- Website data encryption
The data transmitted over HTTP always faces high risks of being disclosed, eavesdropped, or tampered with as HTTP cannot encrypt data in transit. SSL certificates covert your HTTP website to an HTTPS one. An HTTPS-secured website enables encrypted communication and effectively improves data transmission security.
- Enabling of HTTPS on Huawei Cloud Services such as WAF, ELB, and CDN
CCM enables you to quickly deploy SSL certificates to your Huawei Cloud services, such as WAF, ELB, and CDN.
- Website loading speed acceleration
SSL certificates are compatible with HTTP/2 and can be used to quickly and dynamically load web page content.
|
High |
Not supported. SSL certificates can be used only for public domain names. |
|
PCA |
- Allows you to set up a complete CA hierarchy, including root CAs and multi-level intermediate CAs.
- Provides high-availability and high-security private CA hosting capabilities.
- Allow you to create and manage private certificates. These private certificates are used to identify and protect the resources of your organization, including applications, services, devices, and users.
|
- Internal application data security control
You can use PCA to establish an internal certificate management system for your enterprise and issue and manage self-signed private certificates to authenticate identities, encrypt and decrypt data, and secure data transmission within the enterprise.
- IoV applications
Telematics Service Providers (TSPs) can use PCA to issue a certificate to each vehicle terminal, thereby providing security capabilities such as authentication and encryption during vehicle-vehicle, vehicle-cloud, and vehicle-road interaction.
- IoT applications
The Internet of Things (IoT) platform can use PCA to issue a certificate to each IoT device to implement IoT device identity verification and authentication, ensuring device access security in IoT scenarios.
|
Low |
Supported. Private certificates can be deployed on the intranet. |
