A Certificate Authority is a trusted third-party organization that issues and manages digital certificates used to verify identities in public key cryptography.
When a CA issues a certificate, it digitally signs it using its own private key, effectively vouching for the authenticity of the certificate holder's identity and public key. This creates a chain of trust where recipients can verify certificates by checking the CA's signature against the CA's own certificate, which is typically pre-installed in operating systems and browsers as a trusted root certificate.
CAs perform identity verification before issuing certificates, with validation levels ranging from basic domain validation to extended validation requiring extensive documentation. Major commercial CAs include DigiCert, GlobalSign, and Let's Encrypt, while organizations may also operate internal CAs for private networks. The CA ecosystem is governed by industry standards and browser requirements that dictate acceptable practices, certificate lifespans, and revocation procedures to maintain the security and trustworthiness of the entire PKI system.
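The signing and verification steps described above, as an added example that is not part of the original page: a throwaway root CA signs a certificate with the `openssl` command line, and a relying party accepts that certificate only when it trusts the issuing root. The CA names, host name, file prefixes and one-day lifetimes are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed names and throwaway keys, valid for one day.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed root certificate. The CA vouches for itself, so it is
# trusted only because a verifier has installed it as a trust anchor.
make_root() {  # $1 = file prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# The holder generates a key pair and a signing request; the CA signs the
# request with its private key, binding the holder's name to its public key.
issue_leaf() {  # $1 = signing CA prefix, $2 = leaf prefix, $3 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -days 1 \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.crt" 2>/dev/null
}

# Relying party: accept the leaf only if its signature chains to the root
# certificate supplied as the trust anchor.
verify_leaf() {  # $1 = trusted root prefix, $2 = leaf prefix
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_root trusted "Example Root CA"
make_root other "Unrelated Root CA"
issue_leaf trusted leaf "www.example.test"

if verify_leaf trusted leaf; then echo "issuing root trusted: accepted"; fi
if verify_leaf other leaf; then
  echo "unrelated root trusted: accepted"
else
  echo "unrelated root trusted: rejected"
fi
```

The leaf certificate is identical in both checks; only the verifier's trust anchor changes, which is why the contents of the root store decide what a client will accept.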