CA-Issued Vs. HTTPS Shared Certificates


I am working on a project (IdP-initiated) to implement SAML and I don't know what kind of certificate is the best option for the project.

I have already read that there are 3 types of certificates: self-signed, CA-issued and HTTPS shared. I also know that self-signed is free but it can't be validated. The other two aren't free, but…

1. What's the difference between CA-issued certificates and HTTPS shared certificates?
2. What kind of certificate do you recommend I use? (The project, when completed, will have more than 10k users who are going to use it.)
3. Do you recommend using self-signed certificates, or is that not a good idea for big projects?

1. All of these are X.509 certificates. The difference is who issues and therefore signs the certificates.
2. We usually recommend a self-signed certificate as there's no cost involved.
3. Self-signed certificates are commonly used. Most of the large cloud-based SAML offerings use self-signed certificates.

The Certificate Guide provides more information on the alternatives.
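The answer's first point, that all three options are X.509 certificates differing only in who signs them, is easy to see in code. The example below is added here and is not from the original thread or from any SAML product; it assumes the third-party `cryptography` package and uses constructed names such as `idp.example.test`. It builds a self-signed certificate (issuer equals subject, signed with its own key) and a CA-issued one (signed by a separate CA key), and then shows the two ways a relying party establishes trust: checking the signature against a known signer certificate, or simply comparing a fingerprint against the exact certificate it was handed out of band, which is why a self-signed certificate is perfectly usable for SAML signing even though no public CA vouches for it.

```python
# Added example, not code from the original post. Requires the third-party
# 'cryptography' package (assumption). All names and hostnames are constructed.
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def _name(common_name: str) -> x509.Name:
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def _build(subject, issuer, subject_pub, signing_key, days: int) -> x509.Certificate:
    """Assemble and sign a certificate. The only thing that decides whether the
    result is 'self-signed' or 'CA-issued' is which key signs it."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(subject_pub)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=days))
        .sign(signing_key, hashes.SHA256())  # RSA key -> PKCS#1 v1.5 signature
    )


def make_self_signed_cert(common_name: str, days: int = 365):
    """Self-signed: issuer == subject, signed with the certificate's own key.
    This is what most SAML IdPs use for their signing certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = _name(common_name)
    return key, _build(name, name, key.public_key(), key, days)


def make_ca_issued_cert(common_name: str, ca_key, ca_common_name: str, days: int = 365):
    """CA-issued: same X.509 structure, but a different party's key signs it."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return key, _build(_name(common_name), _name(ca_common_name), key.public_key(), ca_key, days)


def signed_by(cert: x509.Certificate, signer: x509.Certificate) -> bool:
    """True if 'signer' issued 'cert': the issuer name matches the signer's
    subject and the signature verifies under the signer's public key."""
    if cert.issuer != signer.subject:
        return False
    try:
        signer.public_key().verify(
            cert.signature,
            cert.tbs_certificate_bytes,
            padding.PKCS1v15(),
            cert.signature_hash_algorithm,
        )
        return True
    except InvalidSignature:
        return False


def is_self_signed(cert: x509.Certificate) -> bool:
    """A self-signed certificate is simply one that was 'issued' by itself."""
    return signed_by(cert, cert)


def fingerprint_hex(cert: x509.Certificate) -> str:
    """SHA-256 fingerprint, the value an SP would record from IdP metadata."""
    return cert.fingerprint(hashes.SHA256()).hex()


def matches_pinned(cert: x509.Certificate, pinned_fingerprint_hex: str) -> bool:
    """How a SAML SP typically trusts an IdP certificate: by comparing it to the
    exact certificate received out of band (metadata), not by walking a CA chain.
    This works equally for self-signed and CA-issued certificates."""
    return fingerprint_hex(cert) == pinned_fingerprint_hex


if __name__ == "__main__":
    _, idp_cert = make_self_signed_cert("idp.example.test")
    ca_key, ca_cert = make_self_signed_cert("Example Test CA")
    _, issued_cert = make_ca_issued_cert("sp.example.test", ca_key, "Example Test CA")
    print("IdP cert self-signed:", is_self_signed(idp_cert))
    print("SP cert self-signed:", is_self_signed(issued_cert))
    print("SP cert issued by CA:", signed_by(issued_cert, ca_cert))
    print("IdP cert matches pinned fingerprint:", matches_pinned(idp_cert, fingerprint_hex(idp_cert)))
```

The `signed_by` check is the same operation whether the signer is a public CA, a private CA or the certificate itself; what changes between the three certificate types in the question is only which signer certificate the relying party has been configured to trust. For SAML, that trust is normally established by exchanging the certificate itself (the pinning check), so a self-signed certificate loses nothing; the CA-signed option mainly matters when a browser or other party must validate the certificate without prior exchange.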