What Is a Certificate Authority?

Jan 30, 2023

Certificate authorities (CAs) are organizations that issue and manage digital certificates. Digital certificates are used to establish the identities of individuals/organizations and to secure digital communication.

A digital certificate contains information about the identity of the certificate’s holder, the Certificate Authority that issued it, and a unique serial number. When users visit a website that uses a digital certificate, the CA's involvement lets them confirm that the certificate is valid. The result is known as a secure connection, which increases the trustworthiness of your website.

CA digital certificates

CAs validate the identities of people, companies, websites, or email addresses, and use cryptographic keys to issue them digital certificates.

The digital certificate serves as a credential to the institution that receives it. Documents cannot be altered by a third party when signed with the digital certificate. Additionally, a digital certificate can enable encrypted communications. 

How does this work?

Digital certificates employ public and private keys. Think of the private key like your password: you don’t give it out to anyone. The public key, by contrast, is not strictly private information, and third parties can use it to validate your digital identity.

These keys are used in a process called a certificate signing request (CSR). A CSR is an encoded text file containing the public key information that will appear on the certificate. It is generated on the server or workstation where the certificate will be installed. The information in the CSR varies depending on the purpose the certificate will serve.

Once you’ve generated the CSR, you send it to the CA. They verify that the information is correct, digitally sign the certificate, and issue a private key sent to you—the applicant. The signed certificate allows all parties to verify that the certificate was sent by someone with authority to do so and that it has not been altered in the process. This authority is governed by the chain of trust.

What is a chain of trust?

A chain of trust is a hierarchy of certificates used to verify the validity of the certificate’s issuer. Essentially, certificates higher up in the hierarchy can sign certificates that are lower down. 

You can inspect a website’s certificate when visiting an HTTPS site. The certificate includes the chain of trust, including the following details:

Trust anchor — original certificate authority (CA)

A trust anchor is often installed on web browsers or operating systems to verify the authenticity of websites or other digital products. 

Intermediate certificate

The site will include at least one intermediate certificate, which acts as a shield between the CA and the end-entity certificate.

These certificates are used by large organizations as they have multiple CAs, helping to simplify the system while improving security. This allows an organization to establish trust in its own certificates without having to verify each certificate it issues individually. This is the final link of the chain of trust. 

End-entity certificate

These certificates are used to validate the identity of an entity. An end-entity certificate is issued by a CA and used by the individual for secure communication and authentication. It is issued to an end user to establish trust in their identity by authenticating the certificate holder.

To summarize, a chain of trust is critical as it ensures digital certificates are authentic and trusted. Having a chain of trust offers protection against security threats, including man-in-the-middle attacks.
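The chain-of-trust check described above, as an added example that is not part of the original article: a Ruby script using the standard `openssl` library builds a constructed root, intermediate and end-entity certificate, then shows which chains a verifier accepts and which it rejects. The helper names (`issue`, `verify_chain`) and all subject names are assumptions made for the illustration.

```ruby
require "openssl"

# Creates a key pair and a certificate for cn. Without an issuer the
# certificate is self-signed, which is how a root CA (trust anchor) is made.
def issue(cn, serial, ca:, issuer: nil, issuer_key: nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.new([["CN", cn]])
  cert.issuer = (issuer || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 86_400
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  # Only certificates marked CA:TRUE may sign certificates lower in the chain.
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", ca ? "keyCertSign,cRLSign" : "digitalSignature", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Returns [trusted?, reason]. Only `anchor` is trusted; `intermediates` are
# untrusted helpers the verifier may use to build a path up to the anchor.
def verify_chain(leaf, anchor, intermediates = [])
  store = OpenSSL::X509::Store.new
  store.add_cert(anchor)
  ok = store.verify(leaf, intermediates)
  [ok, store.error_string]
end

# Constructed sample hierarchy: root -> intermediate -> end-entity.
root, root_key   = issue("Example Root CA", 1, ca: true)
inter, inter_key = issue("Example Intermediate CA", 2, ca: true, issuer: root, issuer_key: root_key)
leaf, leaf_key   = issue("www.example.test", 3, ca: false, issuer: inter, issuer_key: inter_key)
other_root, _    = issue("Unrelated Root CA", 4, ca: true)
# A certificate signed by the end-entity key, which has no signing rights.
below_leaf, _    = issue("below-leaf.example.test", 5, ca: false, issuer: leaf, issuer_key: leaf_key)

puts "full chain:             #{verify_chain(leaf, root, [inter]).inspect}"
puts "intermediate missing:   #{verify_chain(leaf, root).inspect}"
puts "anchor not trusted:     #{verify_chain(leaf, other_root, [inter]).inspect}"
puts "signed by end-entity:   #{verify_chain(below_leaf, root, [inter, leaf]).inspect}"
```

Only the first case verifies; the reason string in the other three comes from OpenSSL and its wording can differ between versions.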


In conclusion, certificate authorities play a crucial role in the digital world by issuing and managing digital certificates. These certificates serve as a credential that validates the identity of individuals or organizations and secures digital communication. The process of issuing digital certificates involves the use of public and private keys and a chain of trust to verify the authenticity of the certificate and its issuer. A chain of trust is a hierarchy of certificates that ensures the validity of the certificate and protects against security threats.