certificate authority (CA) definition

A certificate authority (CA) is a trusted entity that issues electronic documents that verify a digital entity’s identity on the Internet. The electronic documents, which are called digital certificates, are an essential part of secure communication and play an important part in the public key infrastructure (PKI). Certificates typically include the owner's public key, the expiration date of the certificate, the owner's name and other information about the public key owner. Operating systems (OSes) and browsers maintain lists of trusted CA root certificates to verify certificates that a CA has issued and signed.

Although any entity that wants to issue digital certificates for secure communications can potentially become their own certificate authority, most e-commerce websites use certificates issued by commercial CAs. Typically, the longer the CA has been operational, the more browsers and devices will trust the certificates a CA issues.  Ideally, certificates are backwards compatibile with older browsers and operating systems, a concept known as ubiquity.

Protocols that rely on certificate chain verification -- such as VPN and SSL/TLS -- are vulnerable to a number of dangerous attacks, including SSL man-in-the-middle attacks. Recently, trust in CAs has been shaken due to abuse of fraudulent certificates. Hackers have broken into various CA networks -- DigiNotar and Comodo, for example -- and signed bogus digital certificates in the names of trusted sites such as Twitter and Microsoft. In response, DigiCert became the first certificate authority to implement certificate transparency, an initiative intended to make it possible for a certificate to be issued for a domain without the domain owner's knowledge.

Please note: CA also stands for conditional access, a term used in DTV.

This was first published in June 2007

Continue Reading About certificate authority (CA)

Dig Deeper on PKI and Digital Certificates



Find more PRO+ content and other member only offers, here.

Related Discussions

Margaret Rouse asks:

Will certificate transparency help prevent bogus certificates from circulating?

0  Responses So Far

Join the Discussion



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

File Extensions and File Formats

Powered by: