I was working the other day and I had a question come up, that I want to ask here to make sure my assumptions are correct.
In terms of SSL Mutual Authentication, a self-signed CA and a public CA provide the same functionality, is that assumption correct?
Besides the part that, supposedly, a public CA is stored much more securely than a private CA, the functionality part is the same, right? Meaning the client will be able to communicate with the server only if both of them have the certificates issued by the same CA and the server has access to the CA, right?
So in this situation, the man-in-the-middle attack is only possible if the attacker has access to the self-signed CA, correct?
And if all of the above assumptions are correct, what is the benefit of using a public CA for SSL mutual authentication? Is it only that it's stored very securely, or is there also something else?
Any help is greatly appreciated, thank you!