Definition[]
A certification authority (also called a certificate authority or CA) is
“ | similar to a notary. It is a specially established trusted organization or part of a larger organization that accepts the responsibility of managing the certificate process by overseeing the generation, distribution, renewal, revocation, and suspension of digital certificates. | ” |
“ | organizations that issue digital certificates. These digital certificates certify the ownership of a public key by the named subject of the certificate. This allows others to rely upon signatures or assertions made by the private key that corresponds to the certified public key. The CAs typically validate the identities of requestors before they issue certificates. This system breaks down, however, if CAs are unable to validate the applicants they vouch for and their authority over the domain name for which the certificate is applied.[1] | ” |
Overview[]
Certification authorities are a main component of a PKI, which uses cryptographic techniques to generate and manage digital certificates.
The certification authority may set restrictions on a certificate, such as the starting date for which the certificate is valid as well as its expiration date. It is at times necessary to revoke digital certificates before their established expiration dates, for example, when the certificate holder leaves the issuing organization or when the private key is compromised. Therefore, the certification authority is also responsible for providing certificate status information and may publish a certificate revocation list in a directory or maintain an online status-checking mechanism.
Users of digital certificates are dependent on certification authorities to verify the digital certificates. If a valid certification authority is not used, or a certification authority makes a mistake or is the victim of a cyber attack, a digital certificate may be ineffective.