What is a Certificate Authority?

A Certificate Authority (CA), also known as a certification authority or certificate issuer, is an entity that validates the identities of certificate requesters and associates them with a cryptographic key by issuing electronic documents known as digital certificates.

The CA signs the certificates, and a client verifies the signature before establishing a connection with the organization’s server. CAs are responsible for the domain control verification (DCV) process and for verifying that the public key the certificate is issued for belongs to the subject that requests it. CAs are an integral part of the public key infrastructure (PKI) and help keep the internet secure and transparent. The format of these certificates is specified by the X.509 or EMV standard.

There are two types of certificate authorities:

  • Public CA: A public CA is a third-party entity that issues certificates for a fee after doing the necessary checks on the organization requesting a certificate. The checks by default include domain validation. Third-party CAs have their own public-private key pairs with which they sign the certificates. Most of the well-known CAs are recognized by servers and clients; therefore, certificates signed by them are immediately validated by the entity initiating a secure connection. Publicly signed certificates offer a higher level of assurance since they are issued by a recognized CA, and are generally used for securing websites and other endpoints involving direct user interaction.
  • Private CA: A private CA is a local CA that an organization creates for itself instead of using an external one. In this case, the certificates are signed with the private key of the organization’s root certificate (the foremost certificate created to sign other certificates). Private CAs can be created to issue certificates for an organization’s internal network where discretion is required and only a select group of users is involved. These may include VPNs, sensitive databases, and secure mail servers, among others.