Certificate Authority - Coggle Diagram
Certificate Authority
misc
In the SSL ecosystem, anyone can generate a signing key and use it to sign a new certificate. However, that certificate isn’t considered valid unless it has been directly or indirectly signed by a trusted CA.
A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate.
When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.
In essence, the certificate authority is responsible for saying "yes, this person is who they say they are, and we, the CA, certify that".
Chain of trust
When a device validates a certificate, it compares the certificate issuer with the list of trusted CAs. If a match isn’t found, the client checks to see if the certificate of the issuing CA was issued by a trusted CA, and continues until the end of the certificate chain. The top of the chain, the root certificate, must be issued by a trusted Certificate Authority.
Software for managing a certificate authority: OpenSSL and ADCS (Active Directory Certificate Services).
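The chain walk described under "Chain of trust" can be reproduced with OpenSSL. This is an added example, not part of the original diagram; the demo CA names, file names and the `build_chain` / `verify_leaf` helpers are made up for illustration.

```shell
#!/bin/sh
# Constructed demo PKI: root CA -> intermediate CA -> leaf,
# plus an unrelated self-signed root for the failure case.

build_chain() {  # $1 = empty working directory
    d=$1
    # Minimal request config so the example does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"
    # A CA certificate must carry basicConstraints CA:TRUE to be accepted as an issuer.
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for ca in root other; do    # two self-signed roots; only "root" issues anything
        openssl req -x509 -newkey rsa:2048 -nodes -config "$d/req.cnf" -days 1 \
            -subj "/CN=Demo $ca CA" -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null || return 1
    done
    for name in int leaf; do    # key and CSR for the intermediate and the leaf
        openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
            -subj "/CN=demo-$name.example.test" -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
    done
    # The root signs the intermediate (as a CA); the intermediate signs the leaf.
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -set_serial 2 -extfile "$d/ca.ext" -days 1 -out "$d/int.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -set_serial 3 -days 1 -out "$d/leaf.crt" 2>/dev/null
}

# Exit status 0 only if a path exists from leaf.crt to a certificate in the trust store.
verify_leaf() {  # $1 = dir, $2 = trusted CA file, $3 = untrusted intermediates (optional)
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$2" -untrusted "$3" "$1/leaf.crt" >/dev/null 2>&1
    else
        openssl verify -CAfile "$2" "$1/leaf.crt" >/dev/null 2>&1
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    build_chain "$dir" || return 1
    verify_leaf "$dir" "$dir/root.crt" "$dir/int.crt" && echo "root trusted, intermediate supplied: accepted"
    verify_leaf "$dir" "$dir/root.crt" || echo "root trusted, intermediate missing: rejected"
    verify_leaf "$dir" "$dir/other.crt" "$dir/int.crt" || echo "only an unrelated root trusted: rejected"
    rm -rf "$dir"
}
demo
```

The second case fails because the verifier cannot find the leaf's issuer at all; the third fails because the chain ends at a root that is not in the trust store.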
trust anchor
No revocation checks are done for such certificates; they are inherently considered trustworthy.