Cybersecurity
Certificate Authority (CA)
Definition
A Certificate Authority (CA) is a trusted entity that issues digital certificates. It acts as a trusted third party: both the subject (owner) of a certificate and the party relying on that certificate trust the CA.
Why It Matters
CAs are a cornerstone of the internet's trust model, the public key infrastructure (PKI). Your web browser comes with a pre-installed list of trusted CAs. When you visit a secure website, your browser trusts it because the site's certificate was signed by one of these trusted authorities.
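The trust decision described above, as an added example that is not part of the original glossary entry: a constructed private CA issues a certificate, and `openssl verify` accepts it only when that CA is in the relying party's trust list. All subject and file names are made up for the demo, and it assumes the `openssl` command-line tool is installed.

```bash
#!/usr/bin/env bash
# Constructed demo: every subject name and file name below is made up.

# Create two unrelated self-signed root CAs ("ca" and "other") and one
# leaf certificate issued by "ca", all inside directory $1.
make_demo_pki() {
  local d=$1 ca
  for ca in ca other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Demo Root ($ca)" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
  done
  # The subject generates a key pair and a certificate signing request (CSR)...
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  # ...and the CA signs it with its private key, producing the certificate.
  openssl x509 -req -in "$d/leaf.csr" -days 1 \
    -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
    -out "$d/leaf.pem" 2>/dev/null
}

# Relying-party check: does certificate $2 chain to a CA in trust list $1?
# (The system CA directory may also be consulted; the demo CAs are not in it.)
trusted_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Verify the same leaf certificate against each trust list in turn.
demo() {
  local d store
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  for store in ca other; do
    if trusted_by "$d/$store.pem" "$d/leaf.pem"; then
      echo "trust list '$store': certificate accepted"
    else
      echo "trust list '$store': certificate rejected"
    fi
  done
  rm -rf "$d"
}

demo
```

The certificate itself is identical in both checks; only the contents of the trust list change the outcome.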
Contextual Example
Let's Encrypt is a popular non-profit CA that provides free TLS certificates and has been instrumental in the widespread adoption of HTTPS across the web.
Common Misunderstandings
- A CA's primary job is to verify the identity of the entity requesting a certificate before issuing it.
- A compromised CA can have serious security implications, because attackers could use it to issue fraudulent certificates.