Using a Certificate Authority: A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.
A certificate is nothing more than a mechanism that associates the public key with an individual. It contains a great deal of information about the user.
Each user of a PKI system has a certificate that can be used to verify their authenticity. One of the first steps in getting a certificate is to submit a certificate-signing request (CSR).
This is a request formatted for the CA. This request will have the public key you wish to use and your fully distinguished name (often a domain name). The CA will then use this to process your request for a digital certificate.
For instance, if Mike wants to send Jeff a private message, there should be a mechanism to verify to Jeff that the message received from Mike is really from Mike.
If a third party vouches for Mike and Jeff trusts that third party, Jeff can assume that the message is authentic because the third party says so.
Below shows this process happening in a communication between Mike and Jeff. The arrows in this figure show the path between the CA and the person using the CA for verification purposes.
The Certificate Authority Process
CAs can be either private or public, with VeriSign being one of the best known of the public variety.
Many operating system providers allow their system to be configured as CA systems.
These CA systems can be used to generate internal certificates that are used within a business or in large external settings.
The process of providing certificates to users, although effective in helping to ensure security, requires a server, Over time, the server can become overloaded and need assistance.
An additional component, the registration authority, is available to help offload work from the CA. Registration authorities are discussed in the next section.