Registration Authority - RA
A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the Certificate Authority - CA to issue it. RAs are part of a public key infrastructure (PKI), a networked system that enables companies and users to exchange information and money safely and securely. The digital certificate contains a public key that is used to encrypt and decrypt messages and digital signatures.
RA’s cannot create or issue a certificate, as this is the sole responsibility of the Certificate Authority - CA, Registration Authority - RA works as an intermediary for the CA to collect the necessary information and to process the following tasks
- Receive user or device certificates
- validate users or devices
- authenticate users or devices
- revoke credentials if the certificate is no longer valid
The main purpose of the RA is to ensure that a user or a device is allowed to request a digital certificate from a specific website or application, when allowed the RA forwards the request to the CA to complete the digital certificate request process
What is the Difference between Certificate Authority and Registration Authority?
A registration authority can be thought of as a gatekeeper to a certificate authority. In order to be issued a certificate, the requesting user or device must first register with the RA and fulfill the necessary requirements, including identity and authentication checks. This comes in the form of a certificate signing request.
Requests that are successfully registered by the RA are then forwarded to the CA, whose responsibility is to issue an electronic document called a certificate. This certificate is issued to the requesting user or device. The issued certificate can be validated against the CA’s public key to ensure that the certificate is indeed valid and that the connection to the remote resource is trusted.