Certificate Authority - CA

These are trusted entities that provide SSL and TLS certificates, which are digital certificates cryptographically linked with a public key. As providers of these certificates, they are a reliable and critical trust anchor for the Public Key Infrastructure (PKI). They help secure the internet for organizations and users.

The main goal of a CA is to verify the authenticity and trustworthiness of a website, domain and organization so users know exactly who they’re communicating with online and whether that entity can be trusted with their data.

Source: TechTarget

An entity — organization or person — can request a digital certificate from a CA. First, it generates a key pair, which consists of the following:

  • Private key, which should not be shown to anyone.
  • Public key, which is mentioned in the digital certificate issued by the CA.

The applicant also generates a Certificate Signing Request (CSR), an encoded text file which has information about the following:

  • Domain name.
  • Additional or alternative domain names, including subdomains.
  • Organisation details and contact information.

The information in the CSR depends on the intended use of the certificate. The CA validates and verifies the information in the CSR and confirms the applicant's identity, then digitally signs it with its private key and issues a certificate to the applicant. After that, the certificate can be authenticated by the web.
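The applicant-side steps above (key pair first, then the CSR), followed by checks that can be run on the CSR before it is submitted, shown with the OpenSSL command line. This is an added example, not part of the original notes; the domain and organisation values, file names and function names are constructed placeholders.

```shell
# Added example: all names (example.test, Example Org, file names) are constructed.

# make_csr DIR: generate a key pair in DIR, then a CSR carrying the public key.
make_csr() {
    dir=$1
    mkdir -p "$dir"
    # 1. Private key: stays with the applicant, readable by the owner only.
    (umask 077; openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/server.key" 2>/dev/null) || return 1
    # 2. CSR contents: domain name, alternative names, organisation details.
    cat > "$dir/csr.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = example.test
O = Example Org
emailAddress = admin@example.test
[ext]
subjectAltName = DNS:example.test, DNS:www.example.test
EOF
    # 3. Build the CSR; it is signed with the applicant's own private key.
    openssl req -new -key "$dir/server.key" -config "$dir/csr.cnf" \
        -out "$dir/server.csr"
}

# csr_is_sound DIR: sanity checks on the CSR before it is sent to the CA or RA.
csr_is_sound() {
    dir=$1
    # The self-signature shows the requester holds the matching private key.
    openssl req -in "$dir/server.csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    # The CSR must carry the public half of the applicant's key pair...
    [ "$(openssl req -in "$dir/server.csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$dir/server.key" -pubout)" ] || return 1
    # ...and never the private half.
    ! grep -q "PRIVATE KEY" "$dir/server.csr"
}

# csr_sans DIR: print the alternative names requested in the CSR.
csr_sans() {
    openssl req -in "$1/server.csr" -noout -text |
        grep -A1 "Subject Alternative Name" | tail -n 1 | sed 's/^ *//'
}
```

Only `server.csr` is submitted; `server.key` never leaves the applicant's machine.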

CAs often accept requests from applicants directly. Sometimes, they delegate the task of authenticating applicants to registration authorities (RAs). The RA collects and authenticates digital certificate requests and then submits those requests to the CA, which then issues the certificate to be passed through the RA to the applicant.