Certificate Authorities are the trust anchors of public key infrastructure.
CA responsibilities
- Validation: Verify identity before issuing certificates.
- Issuance: Generate and sign digital certificates.
- Revocation: Maintain Certificate Revocation Lists (CRLs).
- OCSP: Provide online certificate status checking.
CA hierarchy
- Root CA: Self-signed, highest trust level.
- Intermediate CA: Signed by root, issues end-entity certs.
- End-entity certificate: Issued to servers/users.
- Certificate chain: Links end-entity to trusted root.
Types of CAs
- Public CAs: DigiCert, Let's Encrypt, Sectigo.
- Private CAs: Internal enterprise CAs.
- Self-signed: No external validation (development only).
CA validation levels
- DV (Domain Validation): Basic domain ownership.
- OV (Organization Validation): Verified organization.
- EV (Extended Validation): Highest scrutiny, green bar.
Certificate Transparency
- Public logs of all CA-issued certificates.
- Detects mis-issuance and compromised CAs.
- Required by browsers for EV certificates.
Related Articles
View all articlesIncident Management Tools: The Complete Guide for 2026
From on-call scheduling to status pages to postmortems — a comprehensive guide to the tools that power modern incident management, with honest comparisons and pricing.
Read article →Best Atlassian Statuspage Alternatives: Status Page Tools Compared
Atlassian Statuspage is the default choice for hosted status pages, but pricing adds up fast. We compare the best alternatives for teams of every size.
Read article →Best PagerDuty Alternatives in 2026: Features, Pricing, and Who They're For
PagerDuty is the market leader in on-call management, but it's not the only option. We compare the best alternatives — from budget-friendly to enterprise-grade.
Read article →PagerDuty vs Opsgenie: Which On-Call Platform Is Right for Your Team?
A detailed comparison of PagerDuty and Opsgenie — pricing, features, escalation policies, integrations, and which teams each serves best.
Read article →