![]() |
| |||||||||
|
CAThe trusted parties that sign, issue and manage certificates are called certification authorities (CA). A CA is the instance that vouches for the identity and trustworthiness of the end entity it grants the certificates to. Certification authorities can be thought of as being analogous to governments issuing passports for their citizens. CA can be a third party trusted by everyone in the PKI, or it can belong to the same organization as the end entities. CAs can also certify other CAs (to issue certificates) by signing so-called CA certificates. This leads to a tree-like structure of CA hierarchies. The top CA in the "tree" is called a root CA. A new root CA is established in two steps:
The public keys of CAs are usually built into specific client applications. CA keys are then distributed when the client applications are installed to the end users' devices (workstations, laptops, PDAs). Before end entities can communicate securely, also their public keys need to be certified by enrolling the end entities into the PKI and having their certificates issued by the CA.
[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]
Copyright © 2001 SSH Communications Security Corp |