Without the CA seal of approval, you'd have to distribute the digital certificate on your own. Since most browsers have a built-in list of publicly known CAs, your personal digital certificate won't be recognized on the Web.
CAs are approved by the registration authority (RA), a trusted third-party that issues and verifies digital certificates. Remember, a digital certificate is like a driver's license. It's universally recognized because it's issued by a reliable source, like how a license is issued by a department of motor vehicles.
That doesn't mean you shouldn't issue your own certificate. If you're in a large organization and want to use it internally, it might make sense. Internally generated digital certificates can be used to verify network access for employees in distant departments. The digital certificate can provide additional authentication for access to files or systems from someone in a far away department.
Issuing digital certificates on your own can be done through a public key infrastructure (PKI). PKI is a dedicated system, or cluster of servers, that handles the creation of public keys associated with digital certificates. The PKI system creates, maintains and revokes certificates as needed.
PKI systems can be complicated and costly, but if your organization is large enough and the demand is there, it's worth it.
For more information:
This was first published in June 2007