What is a CA (Certificate Authority or Certification Authority)?

A CA (Certificate Authority or Certification Authority) is a trusted entity that issues digital certificates. Certificates are used to certify the electronic identity of communication partners. CAs form the core of the public key infrastructure and assume the role of trust centers.

What is a CA?

The abbreviation CA stands for Certificate Authority or Certification Authority. It represents a trusted third party in electronic communication. CAs are therefore often also referred to as trust centers. Digital certificates issued by CAs can be used to verify identities on the Internet.

CAs and digital certificates form the essential components of the so-called public key infrastructure (PKI) in the network. The certificate securely assigns a public key to a specific organization or person. The Certification Authority confirms this assignment by adding its own digital signature. Information contained in a certificate includes, for example, the name of the owner, the certificate’s validity period, and other information about the certificate holder.

Lists of trusted CAs are usually stored in operating systems and browsers. These lists can be used to check the certificates. If a certificate contains the signature of one of these CAs, it can be trusted. Companies, public organizations or state institutions can act as certification authorities.


The tasks of a CA

The following is a list of the most important tasks of a CA:

  • Verifying the identity and details of the requester of a certificate
  • Issuing certificates
  • Publishing certificates
  • Managing and publishing certificate revocation lists
  • Recording all certification activities of the CA

Abuse at certification authorities

In the past, certification authorities have repeatedly been hacked and abused. Attackers were able to create forged certificates for specific domains or companies that were officially signed by the CA. Operating systems and browsers did not detect the forged certificates, because they carried the signature of a trusted CA, and so connections were redirected to third-party servers. After the misuse was discovered, the certificates had to be revoked after the fact.

The CA and the web browser

For browsers or operating systems to trust a CA, it must be included in a list of approved certification authorities. If this is not the case, the user can manually classify a CA or certificate as trustworthy.

As a rule, lists of trusted CAs are preinstalled in a browser or on a computer. If a browser has accepted a certificate from a server, it can establish an encrypted connection to it. Such encrypted connections can be recognized in the browser’s address bar by the prefix “https://…”.
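The checks described here and in the PKI section above, as an added example in Go using the standard library's crypto/x509 (not code from the original article): BuildPKI constructs a throwaway root CA and a server certificate it signs, and Verify performs the browser-side check against a trust store that contains only that root. The function names, the host names and the "Example Root CA" name are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs tmpl with the signer's private key; passing tmpl as its own parent self-signs it.
func issue(tmpl, parent *x509.Certificate, pub, signer any) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPKI creates a self-signed root CA and a server certificate it signs for host.
// Constructed test data, not a real CA.
func BuildPKI(host string) (ca, leaf *x509.Certificate, err error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader) // the server keeps its private key
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if ca, err = issue(caTmpl, caTmpl, caPub, caKey); err != nil {
		return nil, nil, err
	}
	leaf, err = issue(&x509.Certificate{ // binds leafPub to host; the CA's signature vouches for it
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}, ca, leafPub, caKey)
	return ca, leaf, err
}

// Verify mirrors the browser's check: chain the server certificate to a root in the
// trust store and confirm it was issued for host and is inside its validity period.
func Verify(leaf, trustedRoot *x509.Certificate, host string) error {
	pool := x509.NewCertPool() // stands in for the OS or browser list of trusted CAs
	pool.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}
```

A certificate for the wrong host name, or one whose issuer is not in the trust store, is rejected by Verify even though its signature is mathematically valid.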

Special regulations for certificates and signatures in Germany

In Germany, there are legal regulations for issuing electronic certificates and signatures. The framework conditions were laid down in the Signature Act (SigG), which has since been replaced by the EU Regulation on Electronic Identification and Trust Services (eIDAS).


Issuers of certificates are subject to supervision by the German Federal Network Agency. This supervision is intended to ensure the integrity and reliability of certificates and signatures in legal transactions. There are special security requirements for the data centers of the certification authorities.