Network Security
Certificate Authority (CA)
Also known as: CA, Issuing CA
Definition
A trusted entity that issues and signs digital certificates, binding cryptographic public keys to verified identities such as domain names or organisations.
Examples
- Public CAs like Let's Encrypt, DigiCert and Sectigo that issue TLS certificates for the web.
- An enterprise internal CA used to issue user, server and device certificates.
Related terms
Public Key Infrastructure (PKI)
The combined system of policies, software, hardware and trusted authorities used to issue, distribute, validate and revoke digital certificates that bind identities to public keys.
X.509 Certificate
A standard structure for a digital certificate that binds a public key to an identity through a signature from a trusted certificate authority.
Certificate Revocation List (CRL)
A signed, periodically published list of digital certificates that a CA has invalidated before their natural expiry, used by relying parties to detect revoked certificates.
OCSP (Online Certificate Status Protocol)
An HTTP-based protocol that lets a client query a CA's responder in real time to determine whether a specific X.509 certificate is valid, revoked or unknown.
Extended Validation Certificate
A TLS certificate issued only after a CA performs a strict, standardised verification of the legal identity, physical existence and authority of the requesting organisation.
Self-Signed Certificate
A digital certificate that is signed with the same private key whose public counterpart it contains, with no external certificate authority involved.