Certificate_authority

  • 8/7/2019 Certificate_authority

    Certificate authority

    From Wikipedia, the free encyclopedia

    In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes.

    Commercial CAs charge to issue certificates that will automatically be trusted by most web browsers (Mozilla maintains a list of at least 36 trusted root CAs, though multiple commercial CAs or their resellers may share the same trusted root).[1] The number of web browsers and other devices and applications that trust a particular certificate authority is referred to as ubiquity.

    Aside from commercial CAs, some providers issue digital certificates to the public at no cost. Large institutions or government entities may have their own CAs.

    Contents

    1 Issuing a certificate
    2 Example
    3 Subversion of CA
    4 Security
    5 Providers
    6 Open source implementations
    7 See also
    8 References
    9 External links

    Issuing a certificate

    A CA issues digital certificates that contain a public key and the identity of the owner. The matching private key is not similarly made available publicly, but kept secret by the end user who generated the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates. CAs use a variety of standards and tests to do so. In essence, the Certificate Authority is responsible for saying "yes, this person is who they say they are, and we, the CA, verify that".

    If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate.
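
    The relying party's check described above, as an added example that is not part of the original article: a constructed root CA issues a certificate for www.bank.example, and Go's standard crypto/x509 verifier accepts it only when the signature traces to the trusted root and the name matches. The CA name "Example Root CA", the helper names and the choice of Ed25519 keys are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue makes a key pair for cn and a certificate for it signed by signer; a nil parent yields a self-signed root CA.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		DNSNames: []string{cn}, // the identity the CA vouches for
	}
	if parent == nil { // root: allowed to sign certificates, signs its own
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.DNSNames = true, true, x509.KeyUsageCertSign, nil
		parent, signer = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// accepts is the relying party's decision: leaf must chain to the trusted root and name the host.
func accepts(root, leaf *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// demo runs three constructed cases against a relying party that trusts only ca.
func demo() (valid, otherSigner, wrongName bool) {
	ca, caKey := issue("Example Root CA", nil, nil)
	other, otherKey := issue("Example Root CA", nil, nil) // same name, different key, not trusted
	good, _ := issue("www.bank.example", ca, caKey)
	bad, _ := issue("www.bank.example", other, otherKey)
	return accepts(ca, good, "www.bank.example"), accepts(ca, bad, "www.bank.example"), accepts(ca, good, "www.other.example")
}

func main() { println(demo()) }
```

    Only the first case is accepted: a certificate whose issuer name matches the trusted CA but whose signature was made with a different key is rejected, as is a valid certificate presented for a different host name.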

    Example

    Public-key cryptography can be used to encrypt data communicated between two parties. This can typically happen when a user logs on to any site that implements the HTTP Secure protocol. In this example let us suppose that the user logs on to his bank's homepage www.bank.example to do online

    18-02-2011 http://en.wikipedia.org/wiki/Certificate_authority