Certificate authorities (CAs) are entities that validate identities and issue digital certificates. They can be either independent third parties or organizations running their own certificate-issuing server software. The certificate issued by the CA binds a particular public key to the name of the entity the certificate identifies.
In addition to a public key, a certificate always includes:
The name of the entity it identifies
An expiration date
The name of the CA that issued the certificate
The digital signature of the issuing CA
A serial number
The CA’s digital signature allows the certificate to function as a “letter of introduction” for users who know and trust the CA but do not know the entity identified by the certificate.
