Sectigo Private CA

Operate your own CA to issue private certificates for your users and applications

Private Certification Authority Service

Issue & manage private SSL certificates in SCM

Private CA is a feature in Sectigo Certificate Manager (SCM) providing enterprises with a low-cost way to secure and manage their private intranet certificates while adhering to corporate and industry compliance standards. Through the SCM platform administrators can issue, view and manage their intranet certificates in addition to their Sectigo certificates – all from a single platform to avoid risks, errors, or hidden costs that can be associated with self-signed certificates.

Common uses for private certificates include:
  • Intranet sites
  • VPN or wireless authentication
  • Device identification – mobile device deployments or BYOD
  • Internet of Things (IoT) projects
  • Securing communications between internal services

Under a Private CA, enterprises can create their own private root certificate which is capable of issuing private, end-entity certificates to their internal servers and users.

Sectigo's Private CA solution provides customers with a complete, managed PKI solution designed to alleviate the problems associated with establishing and managing an internal PKI.

What is a Private CA?

A Private CA is an “enterprise specific” Certificate Authority that functions like a publicly trusted CA but
is exclusively run by or for the enterprise. Under a Private CA, enterprises will create their own private root certificate which is capable of issuing private, end- entity certificates to their internal servers and users. Certificates issued by a private CA are not “publicly trusted” and are not intended to be used outside of the enterprise’s infrastructure/trusted members.

Sectigo’s Private CA solution provides enterprises with a complete, managed PKI solution designed to alleviate the problems associated with establishing and managing an internal PKI. A dedicated PKI hierarchy is established, setup and maintained for the enterprise in Comodo’s secure and WebTrust-audited infrastructure.

The Private CA is accessed and managed through the Sectigo Certificate Manager (SCM) platform.

Why do companies need a Private CA?

There are a number of reasons why an enterprise may need a Private CA.

Primarily, the enterprise may have a requirement to expand the use of certificates and PKI within their organization for use-cases such as:

  • VPN or wireless authentication
  • Device identification – mobile device deployments or BYOD
  • Internet of Things (IoT) projects
  • Securing communications between internal services

In addition, many enterprises may have requirements that cause some of their certificates to fall outside of the types of certificates that a public, globally-trusted CA can offer.

For example, since late 2015, public CAs can no longer issue certificates for ‘internal’ names and IP addresses, such as ‘server.mycompany.local’ or 192.168.1.1 – leaving them to create their own certificates or take complex and costly paths to change systems to use external domains.

To support these use-cases, enterprises would need to setup their own internal CA with existing tools to provision certificates for their needs. Not only would that require some level of specialist knowledge but also ongoing maintenance and upkeep to ensure best practices and security guidelines were followed. To scale an internal PKI to support high-volume projects, further expensive hardware and expertise would be needed.

The Sectigo Private CA solution allows the enterprise to outsource the entire operation of a PKI to Sectigo, the world’s largest Certificate Authority.

Having the PKI managed by Sectigo assures the enterprise that their Private CA is setup and operated to the best industry standards, in the most secure infrastructure and managed by experts.

Sectigo Certificate Manager (SCM) is an enterprise- grade certificate lifecycle management platform with the tools to manage the CA – offering features such as certificate discovery, multi-level hierarchy, external certificate enrollment forms, API interfaces, fully customizable notifications and more. An enterprise can provision and manage their public, globally-trusted certificates, such as Sectigo EV certificates, alongside their Private CA certificates using a single interface.

Sectigo also provides full, highly-available and globally-redundant revocation services (both CRL and OCSP) for Private CAs.

Reducing Management Costs

While enterprises can choose between using an Internal Certificate Authority or a publicly trusted CA to issue certificates, many organizations are burdened by the annual costs of managing a Microsoft CA. These costs include dedicated resources to manage the Microsoft CA, training personnel, maintaining an infrastructure (hardware and software), backups, DR, audits, maintenance and operations. A Sectigo Private CA significantly reduces these costs by:

  • Providing an outsourced, managed cloud solution with disaster recovery services and highly trained experts on staff 24/7, maintaining hardware and software upgrades and providing security audits
  • Adapting to your organization’s requirements and making costs predictable
  • Helping organizations maximize operational efficiency so they can offer more products and services by outsourcing non-core business operations to Sectigo


Additional Solutions Available

Contact Us For More Information

Get Industry-leading Solutions for Your Online Business

With world class solutions that identify, prevent and combat web-based threats, Sectigo helps businesses protect their customers and reach their goals.