A certificate authority (CA) is a trusted entity that manages and issues security certificates and public keys used for secure communication in a public network. The CA is part of the public key infrastructure (PKI), along with the registration authority (RA), which verifies the information provided by a requester of a digital certificate. If the information is verified as correct, the certificate authority can then issue a certificate.
Certificate authorities are trusted third-party entities that provide digital certificates to organizations that need to give their users secure authentication and connections. Certificates issued by CAs build trust between users and providers because each party can verify the other's identity and authority.
CAs provide the most basic security and business process principles in a public key infrastructure by creating trust relationships between enterprises and entities. Defined trust can be used to enable certain types of connections while limiting others, through measures including:
- Applying consistent issuance policies for certificates
- Applying consistent formatting for names in issued certificates
- Preventing issued certificates from being used in some applications
- Preventing implementation of certain unauthorized subordinate CAs
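
In X.509, limits like those listed above are commonly carried in certificate extensions (basicConstraints, nameConstraints, extendedKeyUsage) that a relying party checks when validating a chain. The following is an added example, not part of the original page: a simplified Python model of those checks over constructed certificate records, with no signature or revocation checking; the `Cert` record, the `check_chain` helper and all sample names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject: str
    is_ca: bool = False               # basicConstraints: cA
    path_len: Optional[int] = None    # basicConstraints: pathLenConstraint
    eku: frozenset = frozenset()      # extendedKeyUsage (empty = unrestricted)
    permitted_dns: tuple = ()         # nameConstraints: permitted dNSName subtrees
    dns_names: tuple = ()             # subjectAltName: dNSName entries

def in_subtree(name, base):
    # A DNS constraint "corp.example" covers itself and any name beneath it.
    return name == base or name.endswith("." + base)

def check_chain(chain, purpose):
    """chain is ordered root first, leaf last; returns a list of violations."""
    problems = []
    leaf = chain[-1]
    for i, ca in enumerate(chain[:-1]):
        if not ca.is_ca:
            problems.append(f"{ca.subject}: not a CA, may not issue certificates")
        below = len(chain) - i - 2    # intermediate CAs between this CA and the leaf
        if ca.path_len is not None and below > ca.path_len:
            problems.append(f"{ca.subject}: pathLen {ca.path_len} exceeded ({below} CAs below)")
        for name in leaf.dns_names if ca.permitted_dns else ():
            if not any(in_subtree(name, base) for base in ca.permitted_dns):
                problems.append(f"{ca.subject}: name {name} outside permitted subtrees")
    if leaf.eku and purpose not in leaf.eku:
        problems.append(f"{leaf.subject}: not valid for {purpose}")
    return problems

# Constructed sample hierarchy (not real certificates).
ROOT = Cert("Example Root CA", is_ca=True, path_len=1)
ISSUING = Cert("Example Issuing CA", is_ca=True, path_len=0,
               permitted_dns=("corp.example",))
UNAPPROVED = Cert("Unapproved Sub CA", is_ca=True)
WEB = Cert("www.corp.example", eku=frozenset({"serverAuth"}),
           dns_names=("www.corp.example",))
OUTSIDE = Cert("mail.other.example", eku=frozenset({"clientAuth"}),
               dns_names=("mail.other.example",))

GOOD_CHAIN = [ROOT, ISSUING, WEB]
BAD_CHAIN = [ROOT, ISSUING, UNAPPROVED, OUTSIDE]

if __name__ == "__main__":
    for chain in (GOOD_CHAIN, BAD_CHAIN):
        print(chain[-1].subject, check_chain(chain, "serverAuth") or "OK")
```

The second chain fails on every count: the extra subordinate CA exceeds both path length limits, the leaf name falls outside the permitted subtree, and the leaf is not marked for server authentication.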