Certificate authorities
A certificate authority can be:
• an organization, such as VeriSign Inc., that provides certificate services
• a software application, such as Microsoft Certificate Services or OpenSSH
For a company web portal or customer-facing SSL VPN, a third-party certificate service has some advantages. The CA certificates are already included in popular web browsers and customers trust the third-party. On the other hand, third-party services have a cost.
For administrators and for employee VPN users, the local CA based on a software application provides the required security at low cost. You can generate and distribute certificates as needed. If an employee leaves the organization, you can simply revoke their certificate.