FTPS and HTTPS are internet protocols that use Secure Sockets Layer (SSL) technology to perform secure and encrypted communications between client and server applications. When initializing an SSL connection with a server, the client requests the server's x.509 certificate to authenticate the server. The server's certificate identifies the server to the client and provides the server's public key. SSL server authentication allows a client application to confirm the identity of the server application. The client application through SSL uses standard public key cryptography to verify that the server’s certificate and public key are valid and that the certificate has been signed by a trusted certificate authority (CA) that is known to the client application. The client and the server then use negotiated session keys to begin encrypted communications.

One of the most important pieces of the SSL server authentication scheme is the trusted certificate authority (CA). Certificate authorities are trusted organizations that verify information about servers and then issue digital certificates that can be accepted by applications as authentication of server identities when used in a secure handshaking protocol such as SSL. Trusting a certificate issued by a certificate authority is analogous to accepting a passport issued by a national passport agency as proof of identity. We trust that the agency has taken proper measures to verify the identity of the bearer of the passport. In a similar manner, applications may accept certificates signed by a certificate authority.

A certificate authority certificate is associated with a certificate authority and is used to verify signatures in other certificates. Such a certificate may also be known as a root certificate. GeoTrust is an example of a certificate authority that provides certificate authority certificates. The IBM secure delivery servers use a server certificate signed by the GeoTrust certificate authority.