There are two types of certification authorities:

• Private CAs: This is what we are covering in this chapter. This type of CA is mainly for the internal infrastructures, and it can be used to issue, manage, renew, and revoke certificates for internal objects and services. This will be a less of a cost to maintain. It is Active Directory integrated service, however if necessary AD CS components can also be installed in a workgroup environment (stand-alone CA). If objects in the external network likes to use certificates from the internal CA, the certificate must be first requested within the internal network; and once it's issued, it needs to export and import it into the external network along with the root certificate, which certifies the issuer itself.
• Public CAs: Public CAs are available for anyone, and users can pay the associate fees and generate certificates. These certificates come with a different level of insurance as well to confirm the protection. Internal CAs can trust internal objects as it's one of our. But if you provide internet-facing services, it doesn't make sense to use internal CA-issued certificates, as not everyone will trust the issuer. Instead of that, we can use a certificate issued by well-known CA, which everyone can trust.