Question
What is the main difference between a Certificate Authority (CA-signed) certificate and an Everbridge-signed (self-signed) certificate for SSO?
What are the risks associated with using the five-year Everbridge-signed SSO certificate instead of the one-year CA-signed certificate?
Answer
Differences
The primary difference between the two types of certificates lies in their usage and security considerations:
- Certificate Authority (CA-signed) Certificate:
  - Validity Period: One year
  - Usage: Typically used with Identity Providers (IdPs) that require the certificate to be imported for authentication.
  - Security: Considered slightly stronger and more secure due to the shorter validity period and the external validation by a trusted Certificate Authority.
- Everbridge-Signed (Self-signed) Certificate:
  - Validity Period: Five years
  - Usage: Generally used with IdPs that do not require the certificate to be imported for authentication.
  - Security: While it has a longer validity period, it is self-signed and may not be as secure as a CA-signed certificate.
Risks
There are no significant risks associated with using the five-year Everbridge-signed certificate over the one-year CA-signed certificate. However, the one-year CA-signed certificate is considered slightly more secure due to its shorter validity period and external validation.
Availability
It's important to note that the CA-signed one-year certificate may not always be immediately available for renewal. In some cases, users may need to wait for a specific date before they can update their CA-signed certificate. For example, a certificate might not be available for renewal until a certain date.
The five-year Everbridge-signed certificate offers more convenience as it does not require annual renewal, unlike the one-year CA-signed certificate.
When the one-year CA-signed certificate becomes available for renewal, Everbridge will notify users so they can update it in their Everbridge instance.
It's worth noting that there are no legal or contractual obligations associated with choosing either the CA-signed or Everbridge-signed certificate. The choice between the two types of certificates is primarily based on security preferences and convenience.
For more detailed steps on updating the Everbridge Single Sign-On (SSO) Certificate, refer to knowledge article EBS: Updating the Everbridge Single Sign-On (SSO) Certificate.
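The following script is an added example, not Everbridge tooling or part of the original article. It uses the standard `openssl` CLI to report whether a certificate file is self-signed (subject equals issuer), its SHA-256 fingerprint for comparison with the copy imported into the IdP, and whether it expires within a renewal window. The function names, file names and sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect an SSO signing certificate with the openssl CLI.

# Print "self-signed" when subject and issuer names match, else "ca-signed".
# Name comparison is a heuristic; it does not verify the signature chain.
cert_kind() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subj" = "$iss" ]; then echo "self-signed"; else echo "ca-signed"; fi
}

# Succeed (exit 0) when the certificate expires within DAYS days.
# An unreadable or already expired file is also treated as expiring.
expires_within() {
    if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null; then
        return 1
    fi
    return 0
}

# SHA-256 fingerprint, for comparing against the copy imported into the IdP.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Constructed sample: a throwaway five-year self-signed certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1825 \
        -subj "/CN=sso-sample.example" \
        -keyout "$1/sample.key" -out "$1/sample.pem" 2>/dev/null
}

# Summarise one certificate file against a renewal window given in days.
report() {
    echo "type:        $(cert_kind "$1")"
    echo "fingerprint: $(cert_fingerprint "$1")"
    if expires_within "$1" "$2"; then
        echo "status:      expires within $2 days, schedule the update"
    else
        echo "status:      valid for more than $2 days"
    fi
}

tmpdir=$(mktemp -d)
make_sample_cert "$tmpdir"
report "$tmpdir/sample.pem" 30
```

To check a real certificate, call `report` with the path to the downloaded PEM file and the number of days of warning wanted before expiry.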