Overview
Direct Answer
A Certificate Authority (CA) is a trusted third party that issues and digitally signs public key certificates, binding an organisation's identity to its cryptographic public key. CAs establish the foundation of public key infrastructure (PKI) by cryptographically verifying that a domain or entity is who it claims to be.
How It Works
A CA receives a certificate signing request (CSR) from an applicant, validates the applicant's identity through documented procedures, then signs the request with its private key to produce a digital certificate. This certificate contains the applicant's public key, identity details, validity period, and the CA's cryptographic signature. Web browsers and systems trust certificates from established CAs because they maintain strict vetting protocols and are held accountable by regulatory frameworks.
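The CSR, signing and verification steps above, as an added shell example (not code from the original page) using OpenSSL. It builds a throwaway private CA in a temporary directory; the CA name, the applicant hostname `www.example.test` and all file paths are assumptions for the demonstration.

```shell
#!/bin/sh
# Constructed demonstration of the CSR -> validation -> signature workflow with a
# private test CA. The CA name, the applicant hostname and the paths are assumptions.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. The CA creates its own key pair and a self-signed root certificate that
#    relying parties must be configured to trust.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Example Test Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# 2. The applicant generates a key pair and a CSR carrying its identity and
#    public key; the applicant's private key never leaves the applicant.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=www.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
}

# 3. After vetting the applicant (a procedural step not shown here), the CA
#    signs the CSR with its private key for a bounded validity period.
issue_cert() {
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 90 -sha256 -out "$WORK/server.crt" 2>/dev/null
}

# Prints the issuer field so the binding to the CA can be inspected.
cert_issuer() {
  openssl x509 -in "$WORK/server.crt" -noout -issuer
}

# 4. A relying party validates the chain: exit status 0 only if the certificate
#    chains to the trusted CA and is within its validity period.
verify_cert() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" >/dev/null 2>&1
}

# Negative check: the same certificate must NOT verify against an unrelated CA,
# which is what keeps an arbitrary key from standing in for the trusted CA.
verify_against_wrong_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -subj "/CN=Other CA" \
    -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
  ! openssl verify -CAfile "$WORK/other.crt" "$WORK/server.crt" >/dev/null 2>&1
}

make_ca && make_csr && issue_cert && cert_issuer && verify_cert && echo "chain verifies"
```

Replacing the trusted CA file in step 4 with any other certificate makes verification fail, which is the property the whole PKI trust model rests on.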
Why It Matters
CAs enable secure HTTPS connections that protect sensitive data transmission across the internet, making e-commerce, banking, and healthcare operations viable at scale. Organisations depend on certificate-based encryption to meet compliance requirements under regulations such as PCI DSS and GDPR, whilst users rely on certificate validation to avoid phishing and man-in-the-middle attacks.
Common Applications
CAs issue Transport Layer Security (TLS) certificates for websites, code-signing certificates for software distribution, and client certificates for enterprise authentication systems. Financial institutions, healthcare providers, and e-commerce platforms operate SSL/TLS infrastructure dependent on certificates from trusted CAs.
Key Considerations
Organisations must manage certificate lifecycles, including renewal before expiration and revocation when compromised, as expired or revoked certificates create operational disruptions. The CA trust model itself presents a single point of failure; compromise of a CA's private key can invalidate trust across thousands of dependent systems.