Home/Glossary/Certificate Authority (CA)

Certificate Authority (CA)

A trusted entity that issues, validates, and revokes digital certificates used for secure communications.

Security InfrastructureAlso called: "ca", "certification authority"

Certificate Authorities are the trust anchors of public key infrastructure.

CA responsibilities

  • Validation: Verify identity before issuing certificates.
  • Issuance: Generate and sign digital certificates.
  • Revocation: Maintain Certificate Revocation Lists (CRLs).
  • OCSP: Provide online certificate status checking.

CA hierarchy

  • Root CA: Self-signed, highest trust level.
  • Intermediate CA: Signed by root, issues end-entity certs.
  • End-entity certificate: Issued to servers/users.
  • Certificate chain: Links end-entity to trusted root.

Types of CAs

  • Public CAs: DigiCert, Let's Encrypt, Sectigo.
  • Private CAs: Internal enterprise CAs.
  • Self-signed: No external validation (development only).

CA validation levels

  • DV (Domain Validation): Basic domain ownership.
  • OV (Organization Validation): Verified organization.
  • EV (Extended Validation): Highest scrutiny, green bar.

Certificate Transparency

  • Public logs of all CA-issued certificates.
  • Detects mis-issuance and compromised CAs.
  • Required by browsers for EV certificates.

Related Tools

Related Articles

View all articles
MDR Vendor Performance Benchmarks: The Metrics That Matter

MDR Vendor Performance Benchmarks: The Metrics That Matter

Only a handful of MDR providers publish detection and response time benchmarks. We compiled every publicly citable metric from CrowdStrike, Expel, Huntress, eSentire, Arctic Wolf, Red Canary, and Microsoft to help you compare vendors on data, not marketing.

Read article →
CrowdStrike vs Expel: MDR Detection Speed Comparison

CrowdStrike vs Expel: MDR Detection Speed Comparison

CrowdStrike and Expel are two of the only MDR providers that publish both detection and response time benchmarks. Expel is faster on MTTR (13 min vs 37 min). CrowdStrike has MITRE validation.

Read article →
CrowdStrike vs SentinelOne: Endpoint Security and MITRE ATT&CK Compared

CrowdStrike vs SentinelOne: Endpoint Security and MITRE ATT&CK Compared

Both CrowdStrike and SentinelOne deliver strong MITRE ATT&CK detection results. The key difference: CrowdStrike is the only vendor with MITRE Managed Services evaluation.

Read article →
AES vs Classical Ciphers: Why Modern Encryption Actually Works

AES vs Classical Ciphers: Why Modern Encryption Actually Works

Understand why AES is unbreakable while Caesar cipher fails instantly. Learn the fundamental differences between classical and modern encryption, and why proper cryptography matters for real security.

Read article →

Explore More Security Infrastructure

View all terms

Firewall

A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Read more →

VPN (Virtual Private Network)

An encrypted network connection that creates a secure tunnel between a device and a remote network over the internet.

Read more →
Back to glossary