What is a Certificate Authority (CA) and what do they do?
A certificate authority (CA) is a company or entity that has been authorized by browsers to issue TLS/SSL and other forms of certificates. These organizations undergo annual audits by third parties to ensure that they are following defined policies and procedures for validation, issuance, and revocation of certificates as laid out in the Baseline Requirements set forth by the CA/B Forum. Internet users who visit web pages not secured by CA-issued certificates will receive browser security warnings.
How do Certificate Authorities (CAs) increase public trust on the internet?
A certificate authority (CA) is a trusted third-party that enables secure communication and transactions to occur online. CAs are also known as PKI Certificate Authorities because they issue digital certificates based on public key infrastructure (PKI). These digital certificates contain credentials confirming an authentic online identity or other verified attributes. These certificates allow:
- A browser to initiate a secure TLS/SSL session without a security warning
- A site visitor to know that the website they are visiting is authentic
- A company to communicate and transact in a safe manner with its customers
CAs also offer site seals that are a visual indicator to internet users that the site is authentic and secure. Certificate Authorities undergo annual audits to ensure that they are adhering to the best practices policies and procedures required by the CA/B Forum. When browsers trust certificates issued by a CA, they are also indicating that the CA is compliant with these policies.
The PKI Certificate Authority Trust Hierarchy
Certificate Authorities are deemed trusted by browsers and devices based on their root certificate. DigiCert Root Certificates are widely and globally trusted and are used for issuing SSL Certificates to DigiCert customers—including many Fortune 500 companies, educational and financial institutions as well as government entities and enterprises worldwide.
If you are looking for DigiCert community root and intermediate certificates, see DigiCert Community Root and Authority Certificates.