What is a certification authority and what are the different components of a certification authority?
Public key infrastructure (PKI) is a centralized function that is established to store and publish public keys and other digital information. PKI mainly provides digital certificates, certificate authority (CA), registration authority (RA), certificate revocation list (CRL), certificate validation (VA), key management and certification practice statement (CPS). The certificate authority (CA) issues digital certificates to entities on behalf of the PKI establishment. The digital certificate then provides communicating entities with the assurance that the parties they are establishing a connection with are who they claim to be. Moreover, digital certificates are trusted copies of an individual’s public key. When users ensure that a certificate was issued and signed by a trusted certificate authority (CA), they know that the public key is valid and the communication is legitimate and trustworthy. In addition, a digital certificate contains unique information about the entity, and its creation is governed by an international standard known as X.509.
Digital certificates created according to the X.509 standard contain one or more of the following data:
- Version of X.509
- Serial number
- Identifier of signature algorithm
- Name of issuing authority
- Period of validity
- Entity’s or subject’s name
- Public key of the subject
CAs are the most important components of PKI: through them, entities such as computers, people, email addresses, and websites can receive digital certificates to secure themselves. Furthermore, entities must prove their identity to receive a digital certificate from an internationally recognized certificate authority (CA).
Some of the most common and trusted CAs nowadays include the following:
- GoDaddy
- Symantec
- Entrust
- DigiCert
- Verisign
- More
Digital certificates have the following major lifecycle stages to take into consideration:
- Enrollment
- Verification
- Revocation
- Disposal