One problem with self-signed certificates is that an adversary can create a fake certificate using a different public- and private-key pair. Someone, mistaking the fake certificate for the original, may unknowingly encrypt his or her message using the substitute public key, rather than that owned by the intended recipient. Only the adversary, who knows the substitute private key, could read a message encrypted using the fake certificate.
To guard against such an attack, both the user and the owner of the certificate must agree to trust a third party. This third party, called a signing authority or certificate authority, adds a digital signature to the certificate using his or her private key. Once signed, the certificate can be altered only with the aid of the third party, because any change to its contents invalidates the signature. To sign a certificate, the certificate authority need not know the private key of the certificate owner.
The certificate authority need not be an external person or organization. If the certificates are to be used only within the company, it may be appropriate for someone at the company to act as the certificate authority.
To create a trustworthy system, a certificate authority must confirm the identity of a certificate owner before signing a certificate. In particular, the certificate authority must check that the identity fields in the certificate accurately describe the certificate owner and that the certificate owner owns the matching private key.
Someone wishing to use this certificate to communicate with the certificate owner must have confidence in the following:
Before signing the certificate, the certificate authority made certain that the identity information contained in the certificate correctly identified the certificate owner.
Each private key is known only to the certificate owner.
The user has a reliable copy of the certificate authority’s public key.
To satisfy these conditions, not only must the user have confidence in the integrity of the certificate authority, but the user must also have obtained the certificate authority's genuine public key directly from the certificate authority.
To obtain a valid copy of that public key, users of this system typically obtain a copy of a self-signed certificate owned by the certificate authority. To foil impostors, this certificate must be obtained by reliable means.
In addition, each client must store its copy of the certificate authority's certificate securely. Should an adversary gain access to the user's computer, he or she could replace the certificate authority's certificate with a fake, after which certificates signed by the impostor would appear trustworthy.
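The following openssl session is an added illustration, not part of the original text: it builds a small in-house certificate authority, has it sign a certificate owner's request, and then shows that a client trusting only the authority's self-signed certificate accepts the signed certificate but rejects an impostor's self-signed certificate that carries identical identity fields. All names, subjects and file paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a minimal CA with openssl. Every name and path here is
# constructed for the demo; nothing refers to a real deployment.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# 1. Certificate authority: its own key pair and a self-signed certificate.
#    ca.crt is the copy each client must obtain and store reliably.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Example Internal CA" -days 365 2>/dev/null

# 2. Certificate owner: key pair plus a signing request. The CA never sees
#    owner.key; the request carries only the public key and identity fields.
openssl req -newkey rsa:2048 -nodes -keyout owner.key -out owner.csr \
    -subj "/CN=alice.example.internal" 2>/dev/null

# 3. The CA signs the request with ca.key (after checking the identity).
openssl x509 -req -in owner.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out owner.crt -days 365 2>/dev/null

# 4. An impostor builds a self-signed certificate with the same identity
#    fields but a different key pair; the identity text alone cannot tell
#    the two certificates apart.
openssl req -x509 -newkey rsa:2048 -nodes -keyout fake.key -out fake.crt \
    -subj "/CN=alice.example.internal" -days 365 2>/dev/null

# verify_against_ca CERT: trust only ca.crt; returns 0 if CERT chains to it.
verify_against_ca() {
    if openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1; then
        echo "ok: $1 chains to the trusted CA"
        return 0
    else
        echo "fail: $1 does not chain to the trusted CA"
        return 1
    fi
}

verify_against_ca owner.crt          # accepted: signed with ca.key
verify_against_ca fake.crt || true   # rejected: signature not from ca.key
```

Replacing ca.crt on the client with fake.crt would make the impostor's certificate verify, which is why the authority's certificate must be stored where an adversary cannot swap it.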