Help Center/ Cloud Certificate Manager/ FAQs/ Certificate Consulting/ What Are the Differences Between SSL Certificate Manager and Private Certificate Authority?
Updated on 2023-01-19 GMT+08:00

What Are the Differences Between SSL Certificate Manager and Private Certificate Authority?

Concepts

SCM is a platform to centrally manage your Secure Sockets Layer (SSL) certificates. Working with trusted Certificate Authorities (CAs) around the world, SCM enables one-stop SSL certificate lifecycle management and helps you improve trust and secure data transmission for your websites.

Private Certificate Authority (PCA) is a private certificate and CA management platform. You can use CCM to set up a complete CA hierarchy and use it to issue and manage private certificates for your organization. It is used to authenticate application identities and encrypt and decrypt data within your organization.

Differences Between SCM and PCA

Table 1 describes the differences between SCM and PCA.

Table 1 Differences between SCM and PCA

Service Name

Function

Application Scenario

Security Level

Apply to Internal Network

SSL Certificate Manager (SCM)

After an SSL certificate is deployed on a server, HTTPS is enabled on the server. The server uses HTTPS to establish encrypted links to the client, ensuring data transmission security.

  • Authenticate websites and ensure that data is sent to the correct clients and servers.
  • Set up encrypted connections between clients and servers, preventing data from being stolen or tampered with during transmission.
  • Authenticating websites

    An SSL certificate validates the identity of a website on the Internet. If a website is not installed with an SSL certificate, the browser considers the website as insecure so that the website is hardly trusted by users and have few visitors. Visitors are more likely to explore a website secured with an SSL certificate because they believe the website is secure enough. Especially the websites that use OV or EV certificates, the CA validates the domain name ownership and enterprise identity before issuing a certificate, which effectively improves the website credibility.

  • Website data encryption

    The data transmitted over HTTP always faces high risks of being disclosed, eavesdropped, or tampered with as HTTP cannot encrypt data in transit. SSL certificates covert your HTTP website to an HTTPS one. An HTTPS-secured website enables encrypted communication and effectively improves data transmission security.

  • Enabling of HTTPS on Huawei Cloud Services such as WAF, ELB, and CDN

    CCM enables you to quickly deploy SSL certificates to your Huawei Cloud services, such as WAF, ELB, and CDN.

  • Website loading speed acceleration

    SSL certificates are compatible with HTTP/2 and can be used to quickly and dynamically load web page content.

High

Not supported. SSL certificates can be used only for public domain names.

PCA

  • Allows you to set up a complete CA hierarchy, including root CAs and multi-level intermediate CAs.
  • Provides high-availability and high-security private CA hosting capabilities.
  • Allow you to create and manage private certificates. These private certificates are used to identify and protect the resources of your organization, including applications, services, devices, and users.
  • Internal application data security control

    You can use PCA to establish an internal certificate management system for your enterprise and issue and manage self-signed private certificates to authenticate identities, encrypt and decrypt data, and secure data transmission within the enterprise.

  • IoV applications

    Telematics Service Providers (TSPs) can use PCA to issue a certificate to each vehicle terminal, thereby providing security capabilities such as authentication and encryption during vehicle-vehicle, vehicle-cloud, and vehicle-road interaction.

  • IoT applications

    The Internet of Things (IoT) platform can use PCA to issue a certificate to each IoT device to implement IoT device identity verification and authentication, ensuring device access security in IoT scenarios.

Low

Supported. Private certificates can be deployed on the intranet.