Certificate Types

Overview

You can select a certificate type based on the authentication scenario.

Certificate Type	Description	Scenario
Server certificate	Used for SSL handshake negotiations and server authentication. Both the certificate content and private key are required.	One-way authentication Mutual authentication
CA certificate	Issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA. Only the certificate content is required.	Mutual authentication

Certificate Type

Description

Scenario

Server certificate

Used for SSL handshake negotiations and server authentication.

Both the certificate content and private key are required.

One-way authentication
Mutual authentication

CA certificate

Issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.

Only the certificate content is required.

Mutual authentication

FAQ

Is a Certificate Required for an HTTPS Listener?

If you use an HTTPS/TLS listener to forward traffic, you need to bind a server certificate to the listener for SSL handshake negotiations and server authentication.

If mutual authentication is required, you must bind a CA certificate to the listener to authenticate the certificate issuer.

What Are the Differences Between Server Certificates and CA Certificates?

Certificate Type	Server Certificate	CA Certificate
Scenario	One-way authentication Mutual authentication	Mutual authentication
Function	Used for SSL handshake negotiations and server authentication.	Used to verify the certificate issuer.
Certificate sources	Certificates managed by SSL Certificate Manager (SCM) Your own certificates	Your own certificates