Home/Glossary/Certificate Authority (CA)

Certificate Authority (CA)

A trusted entity that issues, validates, and revokes digital certificates used for secure communications.

Security InfrastructureAlso called: "ca", "certification authority"

Certificate Authorities are the trust anchors of public key infrastructure.

CA responsibilities

  • Validation: Verify identity before issuing certificates.
  • Issuance: Generate and sign digital certificates.
  • Revocation: Maintain Certificate Revocation Lists (CRLs).
  • OCSP: Provide online certificate status checking.

CA hierarchy

  • Root CA: Self-signed, highest trust level.
  • Intermediate CA: Signed by root, issues end-entity certs.
  • End-entity certificate: Issued to servers/users.
  • Certificate chain: Links end-entity to trusted root.

Types of CAs

  • Public CAs: DigiCert, Let's Encrypt, Sectigo.
  • Private CAs: Internal enterprise CAs.
  • Self-signed: No external validation (development only).

CA validation levels

  • DV (Domain Validation): Basic domain ownership.
  • OV (Organization Validation): Verified organization.
  • EV (Extended Validation): Highest scrutiny, green bar.

Certificate Transparency

  • Public logs of all CA-issued certificates.
  • Detects mis-issuance and compromised CAs.
  • Required by browsers for EV certificates.

Related Tools

Related Articles

View all articles
Formal Security Models Explained: Bell-LaPadula, Biba, Clark-Wilson, and Beyond

Formal Security Models Explained: Bell-LaPadula, Biba, Clark-Wilson, and Beyond

Master the formal security models that underpin all access control systems. This comprehensive guide covers Bell-LaPadula, Biba, Clark-Wilson, Brewer-Nash, lattice-based access control, and how to choose the right model for your organization.

Read article →
Biometric Authentication: Understanding FAR, FRR, and CER for Security Professionals

Biometric Authentication: Understanding FAR, FRR, and CER for Security Professionals

Master the critical metrics behind biometric authentication systems including False Acceptance Rate (FAR), False Rejection Rate (FRR), and Crossover Error Rate (CER). Learn how to evaluate, tune, and deploy biometric systems across enterprise, consumer, and high-security environments.

Read article →
Database Inference & Aggregation Attacks: The Complete Defense Guide

Database Inference & Aggregation Attacks: The Complete Defense Guide

Learn how inference and aggregation attacks exploit aggregate queries and combined data to reveal protected information, and discover proven countermeasures including differential privacy, polyinstantiation, and query restriction controls.

Read article →
NIST 800-88 Media Sanitization Complete Guide: Clear, Purge, and Destroy Methods Explained

NIST 800-88 Media Sanitization Complete Guide: Clear, Purge, and Destroy Methods Explained

Master NIST SP 800-88 Rev. 1 media sanitization methods including Clear, Purge, and Destroy. Covers SSD vs HDD sanitization, crypto erase, degaussing, regulatory compliance, and building a media sanitization program.

Read article →

Explore More Security Infrastructure

View all terms

Firewall

A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Read more →

VPN (Virtual Private Network)

An encrypted network connection that creates a secure tunnel between a device and a remote network over the internet.

Read more →
Back to glossary