Also called: "ca", "certification authority"
A Certificate Authority (CA) issues digital certificates that bind a public key to an identity (a domain name, an organization, a person). CA root certificates are the trust anchors of a public key infrastructure (PKI): every assurance a certificate gives rests on how carefully the CA validated the subject and how well it protects its signing keys.
CA responsibilities
- Validation: Verify, before issuing, that the applicant controls the domain name or is the organization named in the request.
- Issuance: Generate and sign digital certificates with the CA's private key.
- Revocation: Revoke compromised or mis-issued certificates and publish Certificate Revocation Lists (CRLs).
- OCSP: Answer Online Certificate Status Protocol queries so a client can check the status of a single certificate without downloading the whole CRL.
CA hierarchy
- Root CA: Self-signed; its public key ships in browser and operating-system trust stores, and its private key is kept offline and used only to sign intermediate CA certificates.
- Intermediate CA: Certificate signed by the root (or by another intermediate); does the day-to-day issuance of end-entity certificates so the root key stays offline, and a compromise can be contained by revoking the intermediate.
- End-entity certificate: Issued to servers or users; marked CA:FALSE, so it cannot sign other certificates.
- Certificate chain: The end-entity certificate plus the intermediates that link it to a root the client already trusts. Servers must send the intermediates, since clients usually hold only roots.
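The hierarchy above, built and verified in memory with Go's standard crypto/x509 package, as an added example (not code from the original page): it creates a self-signed root, an intermediate the root signs with pathlen:0, and a server certificate issued by the intermediate, then verifies the server certificate the way a TLS client does. The CA names, the hostname www.example.test and the function names are assumptions made for this example. The failing scenarios show why the chain matters: a server that omits its intermediate, a name mismatch, and a certificate from a rogue self-signed root that is not in the trust store are all rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type PKI struct {
	Root, Intermediate, Leaf *x509.Certificate
}

// issue generates a key pair for tmpl and has signer (the parent's key) sign it; signer == nil means self-signed.
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if signer == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// caTemplate marks a certificate as a CA (CA:TRUE) whose key may only sign certificates and CRLs.
func caTemplate(serial int64, cn string, years int) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn}, // hypothetical CA names
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(years, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

func BuildPKI(hostname string) *PKI {
	root, rootKey := issue(caTemplate(1, "Example Root CA", 10), nil, nil)
	intTmpl := caTemplate(2, "Example Issuing CA", 5)
	intTmpl.MaxPathLen, intTmpl.MaxPathLenZero = 0, true // pathlen:0: may issue end-entity certs only
	inter, intKey := issue(intTmpl, root, rootKey)       // the root key's only use
	leaf, _ := issue(&x509.Certificate{
		SerialNumber:          big.NewInt(3),
		Subject:               pkix.Name{CommonName: hostname},
		DNSNames:              []string{hostname}, // clients match the SAN, not the CN
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(0, 0, 90),
		BasicConstraintsValid: true, // IsCA false -> CA:FALSE, cannot issue certificates
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, inter, intKey)
	return &PKI{Root: root, Intermediate: inter, Leaf: leaf}
}

// VerifyChain does what a TLS client does: trust only its own root store, take intermediates
// from what the server sent, and require a path to a trust anchor valid for hostname.
func VerifyChain(trusted, presented []*x509.Certificate, leaf *x509.Certificate, hostname string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	for _, c := range presented {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: hostname})
	return err
}

// Scenarios runs one good chain and three broken ones; nil means the chain was accepted.
func Scenarios(pki *PKI) map[string]error {
	host := pki.Leaf.DNSNames[0]
	roots, chain := []*x509.Certificate{pki.Root}, []*x509.Certificate{pki.Intermediate}
	rogue := BuildPKI(host) // fresh self-signed root with the same names that nobody installed
	return map[string]error{
		"full chain":           VerifyChain(roots, chain, pki.Leaf, host),
		"missing intermediate": VerifyChain(roots, nil, pki.Leaf, host), // server omitted it
		"wrong hostname":       VerifyChain(roots, chain, pki.Leaf, "other.example.test"),
		"untrusted root":       VerifyChain(roots, []*x509.Certificate{rogue.Intermediate}, rogue.Leaf, host),
	}
}

func main() {
	for name, err := range Scenarios(BuildPKI("www.example.test")) {
		fmt.Printf("%-21s -> %v\n", name, err) // <nil> means accepted
	}
}
```

The untrusted-root case is the point behind the warning about self-signed certificates: anyone can mint a root with the same name, and only membership in the client's trust store decides which roots count as anchors. The missing-intermediate case is the most common real-world misconfiguration, since a server that sends only its leaf works in browsers that cache intermediates and fails everywhere else.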
Types of CAs
- Public CAs: Roots shipped in browser and OS trust stores (DigiCert, Let's Encrypt, Sectigo); bound by the CA/Browser Forum Baseline Requirements and regular audits.
- Private CAs: Internal enterprise CAs whose roots are trusted only on hosts the organization provisions.
- Self-signed: Certificate signed with its own key; no external validation, so every client must be told to trust it explicitly (development and testing only).
CA validation levels
- DV (Domain Validation): Proves control of the domain only, typically by an automated DNS or HTTP challenge; what Let's Encrypt issues.
- OV (Organization Validation): Additionally verifies the legal organization named in the certificate.
- EV (Extended Validation): Strictest vetting of the legal entity. Browsers removed the green address bar and company-name indicator in 2019 (Chrome 77, Firefox 70), so EV no longer has a visible UI distinction; all three levels provide the same TLS protection.
Certificate Transparency
- Public, append-only logs (Merkle trees) to which CAs submit every certificate they issue; the log returns a Signed Certificate Timestamp (SCT) that is embedded in the certificate or delivered via the TLS handshake or OCSP.
- Lets domain owners monitor the logs for certificates they never requested, exposing mis-issuance and compromised CAs.
- Chrome and Safari require SCTs for all publicly trusted certificates issued since 2018 (initially only for EV certificates) and reject certificates that lack them.