Certificate Authority


In Cryptography, a Certificate Authority (CA) is an entity that issues digital Certificates.

The digital Certificate certifies the ownership of a Public Key by the named Certificate Subject of the Certificate.

The Registration Authority, which is often the same as the Certificate Authority, performs this by Identity Proofing during the Certificate Request Process.

This Certificate Request Process is designed to allow the Relying Party to Trust that Digital Signatures or assertions made by the Private Key that corresponds to the Public Key are Authentic.

Certificate Authorities are characteristic of many Public Key Infrastructure (PKI) schemes.[1]

The user is responsible for performing Certificate Validation of a certificate against a Certificate Authority to determine whether the certificate presented is valid.

Each Certificate Authority must have a CAPK that is available to the user or device in order to perform the Certificate Validation of any Certificates.

Trust Anchor and Certificate Authority

A Certificate Authority uses a Trust Anchor Certificate (or Root Certificate) to sign all Certificates that it issues.
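The signing and validation steps described above, as an added example that is not part of the original page. It uses the openssl command line, and the CA names and www.example.test are constructed. It shows that Certificate Validation succeeds only against a Trust Anchor that signed the certificate, and that a Relying Party trusting several CAs accepts a certificate for the same name from any of them.

```shell
#!/bin/sh
# Added example; Demo Root CA, Other Root CA and www.example.test are constructed names.

# Create a CA key pair and its self-signed Trust Anchor (Root Certificate).
make_ca() {  # $1 = file prefix, $2 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Subject creates a key pair and a Certificate Request; the CA then signs
# the request with the private key that belongs to its Trust Anchor.
issue_cert() {  # $1 = CA prefix, $2 = subject prefix, $3 = subject name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.crt" 2>/dev/null
}

# Relying Party side: Certificate Validation with the CA public key taken
# from the trusted certificate file. The demo roots are in no system trust
# store, so only the file in $1 can anchor the chain.
validate() {  # $1 = trusted CA certificate(s), $2 = certificate to check
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo valid
  else
    echo rejected
  fi
}

demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d/root" "Demo Root CA" &&
  make_ca "$d/other" "Other Root CA" &&
  issue_cert "$d/root" "$d/srv" "www.example.test" &&
  issue_cert "$d/other" "$d/srv2" "www.example.test" || return 1
  cat "$d/root.crt" "$d/other.crt" > "$d/both.crt"
  r1=$(validate "$d/root.crt" "$d/srv.crt")    # signed by the trusted anchor
  r2=$(validate "$d/other.crt" "$d/srv.crt")   # this anchor did not sign it
  r3=$(validate "$d/both.crt" "$d/srv2.crt")   # either trusted CA can vouch for the name
  rm -rf "$d"
  echo "$r1 $r2 $r3"
}

demo
```

The three words printed correspond, in order, to the three validate calls in demo.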

Certificate Authority and Identity Proofing

A certificate authority is supposed to provide outside validation (Identity Proofing) that the certificate that is sent as a ServerCertificate was properly issued to someone who controls that server’s DNS Domain. The DNS Domain you use in a browser must then pass Certificate Validation, which rests on the Identity Proofing process that the domain owner went through to obtain the certificate. The CAs are part of a Chain of trust that includes Development Teams of Operating Systems and browsers, and represent the weakest link.

The Threat of certificates being issued that could or did lead to weaknesses has materialized multiple times in the last decade. Perhaps the most well-known of these is DigiNotar, a Dutch CA that was compromised in 2011. One of the certificates was allegedly used by the government of Iran to intercept sessions of its citizens. This is one of the Public Key Infrastructure Weaknesses.

More Information

There might be more information for this subject on one of the following:
[1] - http://en.wikipedia.org/wiki/Certificate_authority