Cybersecurity Reference > Glossary
Certificate Authority (CA)
A Certificate Authority is a trusted third-party organization that issues and manages digital certificates used to verify identities in public key cryptography.
CAs serve as the foundation of Public Key Infrastructure (PKI) by creating, signing, and distributing digital certificates that bind public keys to specific entities such as individuals, organizations, or devices.
When a CA issues a certificate, it digitally signs it using its own private key, effectively vouching for the authenticity of the certificate holder's identity and public key. This creates a chain of trust where recipients can verify certificates by checking the CA's signature against the CA's own certificate, which is typically pre-installed in operating systems and browsers as a trusted root certificate.
CAs perform identity verification before issuing certificates, with validation levels ranging from basic domain validation to extended validation requiring extensive documentation. Major commercial CAs include DigiCert, GlobalSign, and Let's Encrypt, while organizations may also operate internal CAs for private networks. The CA ecosystem is governed by industry standards and browser requirements that dictate acceptable practices, certificate lifespans, and revocation procedures to maintain the security and trustworthiness of the entire PKI system.
Need Help with Certificate Authority Management?
Plurilock's PKI experts can design, deploy, and maintain your certificate infrastructure.
Get PKI Consultation → Learn more →Downloadable References
Sample Governance Policy for AI Use
Establishing Guardrails for AI Whitepaper
