certificate authority (CA)

A certificate authority (CA) is a trusted entity that issues electronic documents that verify a digital entity’s identity on the Internet. The electronic documents, which are called digital certificates, are an essential part of secure communication and play an important part in the public key infrastructure (PKI). Certificates typically include the owner's public key, the expiration date of the certificate, the owner's name and other information about the public key owner. Operating systems (OSes) and browsers maintain lists of trusted CA root certificates to verify certificates that a CA has issued and signed.

Although any entity that wants to issue digital certificates for secure communications can potentially become their own certificate authority, most e-commerce websites use certificates issued by commercial CAs. Typically, the longer the CA has been operational, the more browsers and devices will trust the certificates a CA issues.  Ideally, certificates are backwards compatibile with older browsers and operating systems, a concept known as ubiquity.

Protocols that rely on certificate chain verification -- such as VPN and SSL/TLS -- are vulnerable to a number of dangerous attacks, including SSL man-in-the-middle attacks. Recently, trust in CAs has been shaken due to abuse of fraudulent certificates. Hackers have broken into various CA networks -- DigiNotar and Comodo, for example -- and signed bogus digital certificates in the names of trusted sites such as Twitter and Microsoft. In response, DigiCert became the first certificate authority to implement certificate transparency, an initiative intended to make it impossible for a certificate to be issued for a domain without the domain owner's knowledge.

Please note: CA also stands for conditional access, a term used in DTV.

This was last updated in June 2007

Continue Reading About certificate authority (CA)

Dig Deeper on PKI and digital certificates

Join the conversation


Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Will certificate transparency help prevent bogus certificates from circulating?
my friend bought me a phone from Portugal. It's impossible for me to get minutes on it in the US. The phone is not locked. Does it have something to do with the CA certificate?



File Extensions and File Formats

Powered by: