Certificate Authority — Technology Wiki

Overview

Direct Answer

A Certificate Authority (CA) is a trusted third party that issues and digitally signs public key certificates, binding an organisation's identity to its cryptographic public key. CAs establish the foundation of public key infrastructure (PKI) by cryptographically verifying that a domain or entity is who it claims to be.

How It Works

A CA receives a certificate signing request (CSR) from an applicant, validates the applicant's identity through documented procedures, then signs the request with its private key to produce a digital certificate. This certificate contains the applicant's public key, identity details, validity period, and the CA's cryptographic signature. Web browsers and systems trust certificates from established CAs because they maintain strict vetting protocols and are held accountable by regulatory frameworks.

Why It Matters

CAs enable secure HTTPS connections that protect sensitive data transmission across the internet, making e-commerce, banking, and healthcare operations viable at scale. Organisations depend on certificate-based encryption to meet compliance requirements under regulations such as PCI DSS and GDPR, whilst users rely on certificate validation to avoid phishing and man-in-the-middle attacks.

Common Applications

CAs issue Transport Layer Security (TLS) certificates for websites, code-signing certificates for software distribution, and client certificates for enterprise authentication systems. Financial institutions, healthcare providers, and e-commerce platforms operate SSL/TLS infrastructure dependent on certificates from trusted CAs.

Key Considerations

Organisations must manage certificate lifecycles, including renewal before expiration and revocation when compromised, as expired or revoked certificates create operational disruptions. The CA trust model itself presents a single point of failure; compromise of a CA's private key can invalidate trust across thousands of dependent systems.

Related in Network Security

Firewall

A network security device that monitors and filters incoming and outgoing network traffic based on security rules.

Zero Trust Architecture

A security model that requires strict identity verification for every person and device accessing resources regardless of location.

Secure Access Service Edge

A cloud architecture that converges networking and security services including SD-WAN, firewall, and zero trust access into a unified cloud-delivered platform.

More in Cybersecurity

ISO 27001

Security Governance

An international standard for information security management systems specifying requirements for establishing and maintaining security.

Information Security

Security Governance

The practice of protecting information by mitigating information risks including unauthorised access, use, and disruption.

Vulnerability Assessment

Offensive Security

The process of identifying, quantifying, and prioritising security vulnerabilities in systems and applications.

Blue Team

Offensive Security

A group of security professionals who defend against both real attackers and simulated attacks from red teams.

Supply Chain Attack

Offensive Security

A cyberattack targeting the less-secure elements of a supply chain to compromise a primary target.

Phishing

Offensive Security

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information.

Zero-Day Vulnerability

Offensive Security

A software security flaw unknown to the vendor that can be exploited before a patch is available.

Security Information and Event Management

Offensive Security

Technology that aggregates and analyses security data from across an organisation to detect threats.