Certificate Authority

The certificate authority, or certification authority, is the public key infrastructure (PKI) entity that digitally signs certificates and certificate revocation lists (CRLs). The CA generates some certificate information but is primarily responsible for collecting information from authorized sources and entering that information into a certificate before signing.

The CA digitally signs and issues a subscriber's certificate when authorized by the appropriate trusted person or process, called a registration authority (RA). The RA ensures that only valid and appropriate information is included in the certificate and maintains evidence that due diligence was exercised in confirming the information to the required assurance level of the PKI.

Figure 1 - An example of a certificate authority as part of a public key infrastructure (PKI).

Figure 1 shows a certificate authority issuing certificates and CRLs as part of a PKI. The PKI must be operated in accordance with a certificate policy and certificate practice statement (CPS) that establishes the security assurance level of the issued certificates. Periodic audits are performed to confirm that the PKI is being operated in accordance with its CPS.
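The issuance and revocation flow described above, as an added example that is not part of the original page: a small CA that signs a subscriber certificate only after an RA check, publishes a signed CRL, and is checked by a relying party. It assumes the Python `cryptography` package is installed; every class, function and subject name in it is constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from cryptography import exceptions, x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
# Added illustration: all names, subjects and lifetimes below are constructed, not from the page.
def name(cn):
    return x509.Name([x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, cn)])

def make_csr(cn):  # subscriber: new key pair and a request signed with it (key discarded here)
    key = ec.generate_private_key(ec.SECP256R1())
    return x509.CertificateSigningRequestBuilder().subject_name(name(cn)).sign(key, hashes.SHA256())

def ra_approve(csr, vetted_subjects):  # RA: proof of key possession and a subject it has vetted
    return csr.is_signature_valid and csr.subject in vetted_subjects

class CertificateAuthority:
    def __init__(self, cn):
        self.key, self.name, self.revoked = ec.generate_private_key(ec.SECP256R1()), name(cn), []
        self.cert = self._sign(self.name, self.key.public_key(), is_ca=True)  # self-signed anchor

    def _sign(self, subject, public_key, is_ca=False):
        now = datetime.now(timezone.utc)
        return (x509.CertificateBuilder().subject_name(subject).issuer_name(self.name)
                .public_key(public_key).serial_number(x509.random_serial_number())
                .not_valid_before(now - timedelta(minutes=5)).not_valid_after(now + timedelta(days=30))
                .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
                .sign(self.key, hashes.SHA256()))

    def issue(self, csr, ra_approved):
        if not ra_approved:  # the CA signs only what the RA has authorised
            raise PermissionError("request not authorised by the RA")
        return self._sign(csr.subject, csr.public_key())

    def crl(self):  # CRL over the serial numbers in self.revoked, signed with the CA key
        now = datetime.now(timezone.utc)
        b = (x509.CertificateRevocationListBuilder().issuer_name(self.name)
             .last_update(now).next_update(now + timedelta(days=1)))
        for serial in self.revoked:
            b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                                          .serial_number(serial).revocation_date(now).build())
        return b.sign(self.key, hashes.SHA256())

def relying_party_accepts(cert, ca_cert, crl):  # validity dates are not checked in this sketch
    pub = ca_cert.public_key()
    try:
        pub.verify(cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(cert.signature_hash_algorithm))
    except exceptions.InvalidSignature:
        return False
    return (cert.issuer == ca_cert.subject and crl.is_signature_valid(pub)
            and crl.get_revoked_certificate_by_serial_number(cert.serial_number) is None)
```

Appending a certificate's serial number to `revoked` and publishing a fresh `crl()` is what makes `relying_party_accepts` return false for that certificate.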

This mechanism is covered in CCP Module 7: Fundamental Cloud Security and in Module 8: Advanced Cloud Security.

For more information regarding the Cloud Certified Professional (CCP) curriculum, visit www.arcitura.com/ccp.

Cloud Computing Design Patterns

This cloud computing mechanism is also covered in:

Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour

(ISBN: 9780133858563, Hardcover, ~ 528 pages)

For more information about this book, visit www.arcitura.com/books.