A certificate authority (CA) is a trusted entity that issues electronic documents that verify a digital entity’s identity on the Internet. The electronic documents, which are called digital certificates, are an essential part of secure communication and play an important part in the public key infrastructure (PKI). Certificates typically include the owner's public key, the expiration date of the certificate, the owner's name and other information about the public key owner. Operating systems (OSes) and browsers maintain lists of trusted CA root certificates to verify certificates that a CA has issued and signed.
Although any entity that wants to issue digital certificates for secure communications can potentially become their own certificate authority, most e-commerce websites use certificates issued by commercial CAs. Typically, the longer the CA has been operational, the more browsers and devices will trust the certificates a CA issues. Ideally, certificates are backwards compatibile with older browsers and operating systems, a concept known as ubiquity.
Protocols that rely on certificate chain verification -- such as VPN and SSL/TLS -- are vulnerable to a number of dangerous attacks, including SSL man-in-the-middle attacks. Recently, trust in CAs has been shaken due to abuse of fraudulent certificates. Hackers have broken into various CA networks -- DigiNotar and Comodo, for example -- and signed bogus digital certificates in the names of trusted sites such as Twitter and Microsoft. In response, DigiCert became the first certificate authority to implement certificate transparency, an initiative intended to make it possible for a certificate to be issued for a domain without the domain owner's knowledge.
Please note: CA also stands for conditional access, a term used in DTV.
Continue Reading About certificate authority (CA)
- The U.S. Government Accounting Office has a presentation, "Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology."
- VeriSign is the leading certificate authority, providing over 125,000 Web sites with SSL (Secure Sockets Layer) server certificates, mainly for use in e-commerce.
Dig Deeper on PKI and Digital Certificates
Margaret Rouse asks:
Will certificate transparency help prevent bogus certificates from circulating?
0 ResponsesJoin the Discussion