What is a Certificate Authority (CA) and functions of a Certificate Authority (CA)
A Certificate Authority (CA) is a trusted entity that issues Digital Certificates and public-private key pairs. The role of the Certificate Authority (CA) is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be.
The Certificate Authority (CA) verifies that the owner of the certificate is who he says he is. A Certificate Authority (CA) can be a trusted third party which is responsible for physically verifying the legitimacy of the identity of an individual or organization before issuing a digital certificate.
A Certificate Authority (CA) can be an external (public) Certificate Authority (CA) like VeriSign, Thawte or Comodo, or an internal (private) Certificate Authority (CA) configured inside our network.
A Certificate Authority (CA) is a critical security service in a network. A Certificate Authority (CA) performs the following functions.
Certificate Authority (CA) verifies the identity: The Certificate Authority (CA) must validate the identity of the entity that requested a digital certificate before issuing it.
Certificate Authority (CA) issues digital certificates: Once the validation process is over, the Certificate Authority (CA) issues the digital certificate to the entity that requested it. Digital certificates can be used for encryption (for example, encrypting web traffic), code signing, authentication, etc.
Certificate Authority (CA) maintains Certificate Revocation List (CRL): The Certificate Authority (CA) maintains a Certificate Revocation List (CRL). A certificate revocation list (CRL) is a list of digital certificates which are no longer valid and have been revoked, and therefore should not be relied upon by anyone.
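
The issuing and revocation functions above can be seen end to end in the following added example (not part of the original page), which uses the Python `cryptography` package to model an internal CA and the check a relying party performs. The CA name, host names and helper function names are constructed for illustration; identity verification happens out of band and is not modelled.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc)
DAY = datetime.timedelta(days=1)
CA_CN = "Example Internal CA"  # constructed name, not a real CA

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject_cn, subject_pub, ca_key, is_ca=False):
    """Issuing: bind a subject name to a public key by signing it."""
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name(CA_CN))
            .public_key(subject_pub).serial_number(x509.random_serial_number())
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))

def publish_crl(ca_key, revoked):
    """Revocation: sign a list of serial numbers that must no longer be trusted."""
    crl = (x509.CertificateRevocationListBuilder().issuer_name(name(CA_CN))
           .last_update(NOW - DAY).next_update(NOW + 7 * DAY))
    for cert in revoked:
        crl = crl.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(cert.serial_number)
            .revocation_date(NOW - DAY).build())
    return crl.sign(ca_key, hashes.SHA256())

def check(cert, ca_cert, crl):
    """Relying-party view: returns 'untrusted', 'revoked' or 'good'."""
    ca_pub = ca_cert.public_key()
    try:  # the certificate must carry this CA's signature
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                      ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return "untrusted"
    if cert.issuer != ca_cert.subject or not crl.is_signature_valid(ca_pub):
        return "untrusted"  # wrong issuer, or a CRL not signed by this CA
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if hit is not None else "good"

# Constructed sample data: one private CA, two leaf certificates, one revoked.
ca_key = ec.generate_private_key(ec.SECP256R1())
ca_cert = issue(CA_CN, ca_key.public_key(), ca_key, is_ca=True)
web = issue("www.example.test", ec.generate_private_key(ec.SECP256R1()).public_key(), ca_key)
old = issue("old.example.test", ec.generate_private_key(ec.SECP256R1()).public_key(), ca_key)
rogue_key = ec.generate_private_key(ec.SECP256R1())
forged = issue("www.example.test", rogue_key.public_key(), rogue_key)
crl = publish_crl(ca_key, [old])
```

The CRL is itself signed by the CA, so `check` rejects a revocation list from any other key. A production relying party would also reject a CRL whose next-update time has passed and check each certificate's validity period.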