What Is a CA Signed Certificate & How Do I Get One?

Explore how to get a CA-signed certificate and why you should always use one instead of a self-signed certificate

Securing your website with HTTPS is an easy task. Simply get a publicly trusted SSL/TLS certificate for your website, upload it to your server, and you’re right as rain. But can’t you just use a self-signed certificate and save yourself a few bucks? No, unless you like showing ugly error messages to website visitors and potential customers:

To secure your website and eliminate such errors, you’ll need to get a certificate that’s signed by a publicly trusted certification authority (CA). Here’s what you need to know about what a CA signed certificate is, how to get one, and why doing so is imperative to your organization’s reputation and the security of its customers.

What Is a CA Signed Certificate?

A CA signed certificate is a small digital file that’s been issued and signed by a publicly trusted CA, such as Comodo CA (now Sectigo). A CA-signed leaf certificate is trusted because it “chains” back to a root CA that was set up in adherence with the industry’s strongest security standards.

Why Bother Using a CA Signed SSL Certificate?

Unlike a self-signed certificate, a CA signed certificate will be trusted automatically and authenticated by all popular operating systems (Windows, Android, iOS, etc.) and web browsers (Chrome, Firefox, Safari, Edge, etc.) This ensures that your customers can access your website without experiencing any security errors.

How to Get a Certificate Signed by a CA

Wondering how to get a CA certificate that’s legitimately issued and signed by a publicly trusted CA? You can get Comodo CA signed SSL certificates, code signing certificates, document signing certificates, and S/MIME certificates — at up to 85% off retail — right here on ComodoSSLstore.com.

The steps to get a publicly trusted Comodo CA signed certificate are pretty simple:

1. Buy the certificate. You can secure your website with an SSL/TLS certificate for less than what it costs to get an individual Taco Bell special meal.
2. Provide your certificate signing request (CSR). You can generate a CSR in your hosting provider’s control panel (e.g., cPanel).
3. Complete the validation process. With domain validation (DV) certificates, this can be as simple as clicking a link in a confirmation email.
4. Get a cup of coffee. For DV certificates, Comodo CA will send you the CA signed certificate within a few minutes, so just take a moment to grab a cup of java while you wait.

How Much Does a CA Signed Certificate Cost?

You can get a CA signed certificate for a very low cost. With our discounted prices, Comodo CA certificates start at less than $8 per year.

What Is the Difference Between Self Signed and CA Certificate?

A self-signed certificate is one that you can generate yourself for free (e.g., using OpenSSL). However, it isn’t publicly trusted because there’s no way to verify its authenticity or integrity.

An easy way to generate a self-signed certificate is typically found within your web hosting control panel. It’s often called a certificate signing request (CSR) generator:

However, as cPanel mentions, you should only use a self-signed certificate for temporary testing within isolated testing environments until you get your CA signed certificate. It should never be used in production or public environments.

There are a few reasons why you shouldn’t use self-signed certificates (including management issues), particularly on external-facing pages, but the biggest reason is that your users will see a security message like this when they try to visit your website:

With a CA issued public certificate, though, your customers will be able to freely access your website using an encrypted connection. Instead of a security warning, they’ll see either the secure padlock (in certain browsers) or the message stating that the “connection is secure”:

That’s what your visitors want to see! Far more reassuring, wouldn’t you agree?