<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
In [Cryptography], [{$pagename}] (CA) is an [entity] that __issues__ digital [Certificates]. 


The digital [Certificate] certifies the ownership of a [Public Key] by the named [Certificate Subject] of the [Certificate]. 

The [Registration Authority] which is often the same as the [Certificate Authority] performs this by [Identity Proofing] during the [Certificate Request Process].

This [Certificate Request Process] is designed to allow the [Relying Party] to [Trust] upon [Digital Signatures] or [assertions] made by the [Private Key] that corresponds to the [Public Key] is [Authentic|Authentication]. 

[{$pagename}]s are characteristic of many [Public Key Infrastructure] ([PKI]) schemes.[1]

The [user] is responsible for going through the step of [Certificate Validation] for a [certificate] with a [{$pagename}] to figure out if the [certificate] presented is valid. 

Each [{$pagename}] must have a [CAPK] and available to the [user] or device to perform the [Certificate Validation] of any [Certificates].

!! [Trust Anchor] and [{$pagename}]
[{$pagename}] issue uses a [Trust Anchor] [Certificate] (or [Root Certificate]) to sign all [Certificates] that they issue.

!! [{$pagename}] and [Identity Proofing]
A certificate authority, is supposed to, provide outside validation ([Identity Proofing]) that the [certificate], that is sent by a [ServerCertificate] was properly issued to someone who controls that server’s [DNS Domain]. The [DNS Domain] you use in a [browser] then must pass the [Certificate Validation]. The [Identity Proofing] process that domain owner went through to obtain it. The CAs are part of a [Chain of trust] that includes [Development Teams] of [Operating Systems] and [browsers], and represent the weakest link.

The [Threat] of [certificates] were issued that could or did lead to weaknesses has happened multiple times in the last decade. Perhaps the most well-known of these is DigiNotar, a Dutch CA that was compromised in [2011|Year 2011]. One of the certificates was allegedly used by the government of Iran to intercept sessions of its citizens.
This is one of the [Public Key Infrastructure Weaknesses].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]

----
[#1] - [http://en.wikipedia.org/wiki/Certificate_authority]
</pre>