Your digital certificate is the virtual
equivalent of a passport or other form of identification that confirms your identity.
CERTIFICATION AUTHORITIES
The CA is the most critical component of PKI. Without CAs, there would be no digital
certificates, and without digital certificates or public keys, there would be no digital signatures.
The CA controls all aspects of certificate management. It is in charge of creating
and then issuing the certificates to authorized users and computers. If a certificate has
been compromised, you can revoke it at the CA and it will be added to the Certificate
Revocation List (CRL).
A CA is nothing more than a certificate-generating entity. What prevents anyone from
generating certificates haphazardly and doing whatever they want with them? Nothing!
Anyone can set up a CA to work completely alone and issue certificates, and this is perfectly
fine for certain applications. In the real world, certificates are used to interact with entities
across company boundaries. You and another company can either add each other's root
certificates to your list of trusted certificates, or you can configure your CA to be part of a
larger hierarchy of CAs that implicitly trust one another. For example, you can have your
CA's root certificate cosigned by a trusted commercial CA that can vouch for your identity.
Large commercial CAs are responsible for verifying the identity of the person or entity
that is either applying for one of the CA's certificates or seeking the ability to issue
their own certificates.
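
The point above, that anyone can stand up a CA and that its certificates mean something only to parties who have added its root to their trusted list, can be seen with the openssl command-line tool. This is an added example, not taken from the original text; the subject names (Example Private Root CA, partner.example) and file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Subject names and file names are constructed for illustration.
set -eu

make_demo_pki() {   # $1 = empty working directory
  d=$1
  # Minimal config so the demo does not depend on the system openssl.cnf.
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. Self-signed root: the CA vouches for itself, nobody else does.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/pki.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # 2. A subscriber generates a key pair and a certificate signing request.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
    -subj "/CN=partner.example" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  # 3. The CA issues the certificate by signing the request with its key.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 7 -out "$d/leaf.crt" 2>/dev/null
}

# Succeeds only if leaf.crt chains to a trusted root.
# $1 = working directory, $2 = optional root certificate to trust.
verify_leaf() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1/leaf.crt" >/dev/null 2>&1
  else
    openssl verify "$1/leaf.crt" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
make_demo_pki "$work"
verify_leaf "$work" && echo "default trust store: accepted" \
                    || echo "default trust store: rejected"
verify_leaf "$work" "$work/ca.crt" && echo "root imported: accepted" \
                                   || echo "root imported: rejected"
rm -rf "$work"
```

The certificate is rejected against the default trust store and accepted once the private root is supplied as a trust anchor, which is the same decision a partner makes when adding your root certificate to their trusted list.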