Certificate Authority
A Certificate Authority (CA) is a trusted organization that issues digital certificates verifying the identity of websites, individuals, or devices, forming the backbone of trust for secure, encrypted communication on the internet.
Definition
A Certificate Authority (CA) is a trusted organization that issues digital certificates verifying the identity of websites, individuals, or devices, forming the backbone of trust for secure, encrypted communication on the internet.
Overview
When a website obtains a TLS certificate, a CA verifies some level of ownership or organizational identity — ranging from domain control validation to full organizational vetting — and then digitally signs the certificate with its own private key. Browsers and operating systems ship with a built-in list of trusted root CAs, and when a browser connects to a site over HTTPS, it checks that the site's certificate was signed by a CA in that trusted chain (directly or through an intermediate CA), which is how Man-in-the-Middle Attacks are largely prevented — an attacker without access to a trusted CA's private key cannot forge a convincing certificate. Certificate types vary in the level of validation performed: Domain Validation (DV) confirms only that the requester controls the domain, Organization Validation (OV) additionally verifies the requesting organization, and Extended Validation (EV) involves the most rigorous identity checks. The nonprofit CA Let's Encrypt automated and popularized free, short-lived DV certificates, dramatically increasing HTTPS adoption across the web. Understanding certificate chains, expiration, and revocation is practical knowledge for anyone deploying web infrastructure, a topic touched on in Security & Networking Foundations.
Key Concepts
- Issues and digitally signs certificates verifying identity
- Root CAs are pre-trusted by browsers and operating systems
- Certificate chains link a website's certificate back to a trusted root
- Validation levels range from Domain Validation to Extended Validation
- Enables HTTPS trust and largely prevents certificate forgery
- Let's Encrypt popularized free, automated domain-validated certificates