Overview
During Gateway installation, an SSL certificate is used to secure communication between the Gateway and other systems. DvSum supports two primary SSL certificate types: self-signed certificates and CA-signed certificates.
This article explains the difference between these certificate types, when each is typically used, and how they relate to the SSL configuration options available during Gateway installation.
Certificate Types at a Glance
Gateway SSL configuration is based on how the certificate is trusted.
The two supported trust models are self-signed certificates and CA-signed certificates.
The SSL options available during installation define how the certificate and keystore are created or reused, rather than introducing different certificate types.
Self-Signed Certificates
A self-signed certificate is generated by the Gateway itself during installation and is not issued by a trusted Certificate Authority.
When this option is used
Self-signed certificates are commonly used when deploying non-production or test environments, running the Gateway within an internal or controlled network, or when external trust by browsers or third-party systems is not required.
Characteristics
Generated automatically during installation.
Not trusted by browsers or external systems by default.
May require manual trust configuration if accessed externally.
Related Gateway installation option
This certificate type is generated when selecting Generate a new certificate option during the gateway installation.
CA-Signed Certificates
A CA-signed certificate is issued by a trusted Certificate Authority, either internal or public. This option is typically used for production or externally accessible environments.
When this option is used
CA-signed certificates are commonly used when deploying the Gateway in production, when external systems or browsers must trust the Gateway, or when security or compliance requirements apply.
Characteristics
Trusted by browsers and external systems.
Issued by a Certificate Authority.
Requires an existing certificate and corresponding private key.
Related Gateway installation options
CA-signed certificates are used when selecting Create a new keystore with your certificate, Use an existing keystore, or Add certificates to an existing keystore option during gateway installation. These options allow a trusted certificate to be supplied or reused during installation.
How This Relates to Gateway Installation
The Gateway installer presents multiple SSL configuration options. These options control how certificates are generated, stored, or reused during setup.
From a certificate perspective, the configuration always falls into one of two categories: using a self-signed certificate generated by the Gateway or using a CA-signed certificate provided during installation.
Recommended Approach
In general, self-signed certificates are suitable for development or internal testing, while CA-signed certificates are recommended for production or externally accessible deployments.
Selecting the appropriate certificate type helps ensure secure communication and aligns with deployment and security requirements.
0 Comments