Certificate Authority

A Certificate Authority (CA) is a trusted central administrative entity that can issue digital certificates to users and servers.

The trust in the CA is the foundation of trust in the certificate as a valid credential. A CA uses its private key to create a digital signature on the certificate that it issues to validate the certificate's origin. Others can use the CA certificate's public key to verify the authenticity of the certificates that the CA issues and signs.

A CA can be either a public commercial entity or a private entity that an organization operates for internal purposes. Several businesses provide commercial Certificate Authority services for Internet users. Digital Certificate Manager (DCM) allows you to manage certificates from both public CAs and private CAs.

Also, you can use DCM to operate your own private local CA to issue private certificates to servers or clients in the organization.

Trusted root status

The term trusted root refers to a special designation that is given to a Certificate Authority certificate. This trusted root designation allows a browser or other application to authenticate and accept certificates that the Certificate Authority (CA) issues.

When you download a Certificate Authority's certificate into your browser, the browser allows you to designate it as a trusted root. Other applications that support using certificates must also be configured to trust a CA before the application can authenticate and trust certificates that a specific CA issues.

You can use DCM to enable or disable the trust status for a Certificate Authority (CA) certificate. When you enable a CA certificate, you can specify that applications can use it to authenticate and accept certificates that the CA issues. When you disable a CA certificate, you cannot specify that applications can use it to authenticate and accept certificates that the CA issues.

Certificate Authority policy data

When you create a local Certificate Authority (CA) with Digital Certificate Manager, you can specify the policy data for the local CA. The policy data for a local CA describes the signing privileges that it has. The policy data determines:
  • Whether a local CA can issue and sign user certificates.
  • How long certificates that a local CA issues are valid.
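
The signing, trusted root and validity period behaviour described above, as an added example in Go (not DCM code and not part of the original page): a constructed private CA signs a server certificate, and verification succeeds only while that CA is among the enabled roots and the certificate is inside its validity period. The function names `issue` and `trusted`, the subject names, and modelling trust status as membership in a root pool are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates cn's certificate, valid for days; ca == nil self-signs a CA certificate.
func issue(cn string, days int, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: now, NotAfter: now.AddDate(0, 0, days), BasicConstraintsValid: true}
	if ca == nil { // the CA's own certificate: self-signed and allowed to sign others
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	}
	// The issuing CA's private key produces the signature on the new certificate.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// trusted: does leaf chain, at time at, to a CA whose trust status is enabled?
func trusted(leaf *x509.Certificate, at time.Time, enabled ...*x509.Certificate) bool {
	pool := x509.NewCertPool() // only enabled CA certificates act as trusted roots
	for _, root := range enabled {
		pool.AddCert(root)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, CurrentTime: at})
	return err == nil
}

func main() { // errors ignored for brevity; all names are constructed
	ca, caKey, _ := issue("Example Local CA", 3650, nil, nil)
	leaf, _, _ := issue("server.example.internal", 365, ca, caKey)
	fmt.Println(trusted(leaf, time.Now(), ca), trusted(leaf, time.Now()))
}
```

Passing no CA to `trusted` corresponds to a CA whose trust status is disabled: the signature on the certificate is still valid, but no application accepts it.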