Certificate Authority (CA)
What is Certificate Authority (CA)?
Certificate Authority (CA)A trusted entity that issues and signs digital certificates, binding cryptographic public keys to verified identities such as domain names or organisations.
A certificate authority validates the identity of a certificate applicant according to its certificate policy (DV, OV or EV for the public web; tighter rules for code-signing or qualified certificates) and signs an X.509 certificate with its own private key. CAs operate at the top of the trust chain in any PKI: root CAs are kept offline and used only to sign tightly controlled intermediates, which in turn sign end-entity certificates for servers, people or devices. Browsers and operating systems ship preloaded root stores. CAs publish certificate revocation lists, run OCSP responders and submit issuance to Certificate Transparency logs so that misissuance can be detected.
● Examples
- 01
Public CAs like Let's Encrypt, DigiCert and Sectigo that issue TLS certificates for the web.
- 02
An enterprise internal CA used to issue user, server and device certificates.
● Frequently asked questions
What is Certificate Authority (CA)?
A trusted entity that issues and signs digital certificates, binding cryptographic public keys to verified identities such as domain names or organisations. It belongs to the Network Security category of cybersecurity.
What does Certificate Authority (CA) mean?
A trusted entity that issues and signs digital certificates, binding cryptographic public keys to verified identities such as domain names or organisations.
How do you defend against Certificate Authority (CA)?
Defences for Certificate Authority (CA) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Certificate Authority (CA)?
Common alternative names include: CA, Issuing CA.