
Certificate Authority

A certificate authority (CA) is an organization that validates the identities of websites, companies, individuals, or other entities and attests to them by issuing digital certificates, each of which binds a validated identity to its public key. HTTPS has become the default standard for many online services, leading to increased usage of certificates.

What Are Digital Certificates and CSRs?

Digital certificates are electronic files used to authenticate the identity of an individual or device. They enable encryption for secure communication online while also acting as a signed document to verify the integrity of transmitted data.

A certificate is built around a key pair, a public key and a private key, generated by the applicant. Another element involved is an encoded text file known as the certificate signing request (CSR), which may contain:

  • The domain name
  • The issuing organization
  • Contact information like an email address
  • The public key

By contrast, the private key is kept only by the applicant of the certificate and is never shown to anybody else, not even the certificate authority.

Common terms associated with certificates include the SSL protocol, or Secure Sockets Layer, as well as its successor, Transport Layer Security (TLS). SSL/TLS certificates authenticate the server and enable encryption of the data stream, turning standard HTTP into the more secure HTTPS (Hypertext Transfer Protocol Secure).

What Types of Certificates Exist?

Several other types of certificate exist, including:

  • Code signing: Software developers often sign distributions of their products so that downloads can be validated.
  • Client signing: These certificates help authenticate an individual or device to a service.
  • Email signing: These certificates validate the authenticity of the sender.
  • Object signing: Other software objects are also eligible for certificates.

Regardless of type, certificates go through a similar process during their life cycles.

What Does the Certificate Process Look Like?

A typical interaction between an applicant and a CA involves the following steps to obtain and install the certificate:

  • The applicant server generates the keys and the CSR.
  • The CSR is sent to the certificate authority.
  • The CA verifies the information and digitally signs the certificate with its own private key.
  • The certificate is sent back to the applicant for use in cryptographic functions.

The certificate authority is the original issuer of the digital certificate and vouches for the public key that its applicants present to others. The main job of the CA is to verify the trustworthiness of a website or organization when sharing data so that an attacker cannot assume the identity of a genuine recipient.

CAs have several roles in the process:

  • Creating the certificates initially
  • Building trust between online entities
  • Verifying the identity of organizations in a network
  • Revoking certificates to ensure security

This process relies on a concept in cybersecurity known as the Chain of Trust.

What Is the Certificate Authority Chain of Trust?

Most businesses use more than one certificate. Multiple certificates are used in a chain where new ones are issued by others. This results in a hierarchy of certificates known as a Chain of Trust, which includes:

  • The trust anchor, the root certificate of the certificate authority.
  • One or more intermediate certificates that connect the ultimate end-user with the CA.
  • The end-entity certificate that represents the website, organization, or individual whose identity will be verified.

Every “link” in this chain adds to the integrity of the entire system. Above all, the CA acting as the trust anchor must be valid to maintain security of the entire chain. In fact, the trust anchor is often built into the web browser or operating system itself.

Intermediate certificates, also known as subordinate or issuing CAs, sit between the anchor and the end-entity certificate. Most public CAs require their use because it adds flexibility and strengthens the integrity of the chain.

The final link in the chain is the end-entity certificate, also known as the leaf or subscriber certificate. This last link cannot issue additional certificates.

The Chain of Trust ensures security, reliability, trust, and compliance for the certificate authorities and end users it serves.
