
Certificate Authorities (CAs) are organizations or individuals that issue X.509 Certificates and publish Certificate Revocation Lists (CRLs). The process of requesting a certificate typically begins with a Subject submitting a Certificate Signing Request (CSR) along with any other information required by the CA. The identity of the Subject must then be verified. This identification is typically performed by a Registration Authority, which can be an individual or group within the same organization as the CA or in a separate organization. Once the identity has been verified, the CA uses the CSR provided with the request to verify that the Subject has the Private Key corresponding to the Public Key in the CSR. Once the CSR is verified, the CA creates the data structure of the Certificate and signs it. CAs must make their own Certificates (Root or Intermediate Root) available to Relying Parties so that the Certificates they issue can be verified. In addition to issuing Certificates, CAs also publish CRLs to indicate which Certificates have been revoked before they expire. CAs must take appropriate steps to authenticate revocation requests to ensure that Certificates are not improperly revoked.
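The CSR check described above, as an added Go example (not code from the original page): the CA verifies the CSR's signature against the Public Key inside the CSR, which passes only if the requester signed with the matching Private Key. The helper names, subject names and P-256 key type are assumptions, and both CSRs are constructed in-process.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// must panics on err; used only for the constructed inputs below.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCSR returns a DER-encoded CSR for cn, signed with a fresh P-256 key.
func newCSR(cn string) []byte {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	return must(x509.CreateCertificateRequest(rand.Reader, tmpl, key))
}

// checkPossession is the CA-side check: the CSR's signature must verify
// under the public key carried inside the CSR itself.
func checkPossession(der []byte) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return err
	}
	return csr.CheckSignature()
}

// withForeignKey builds a constructed negative case: csrDER with its public
// key swapped for the one in otherDER, keeping the original signature.
func withForeignKey(csrDER, otherDER []byte) []byte {
	a := must(x509.ParseCertificateRequest(csrDER))
	b := must(x509.ParseCertificateRequest(otherDER))
	return bytes.Replace(csrDER, a.RawSubjectPublicKeyInfo, b.RawSubjectPublicKeyInfo, 1)
}

func main() {
	mine, other := newCSR("subject.example"), newCSR("other.example")
	fmt.Println("genuine CSR:", checkPossession(mine))
	fmt.Println("foreign key:", checkPossession(withForeignKey(mine, other)))
}
```

A CSR that parses cleanly still proves nothing until `CheckSignature` succeeds, so the signature check has to run before any certificate is built from the request.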