What is a Certificate Authority?

The role of a certificate authority is essential in digital security and this article explains what a CA is, what it does and how it functions.

A certificate authority (CA) is an organization that validates the identities of websites, email addresses, organizations and individuals in the digital realm. After authenticating the source, CAs bind these identities to cryptographic keys by issuing digital certificates.

Role of CAs in digital security

CAs play a pivotal role in securing all digital communication. They authenticate the identity of the organization or individual applying for a digital certificate, ensuring that the enclosed information accurately represents them.

These certificates enable encrypted communication between two parties via public key infrastructure (PKI). The CA signs each certificate with its private key. Anyone holding the CA's corresponding public key can verify that signature, which confirms the certificate's validity.

What eIDAS says about CAs

The Electronic Identification and Trust Services (eIDAS) regulation does not mention CAs specifically. Instead, it talks about qualified trust service providers (QTSPs). This broad category includes accredited entities that provide a variety of services, including the issuance of electronic seals, signatures, timestamps and qualified certificates.

eIDAS states that QTSPs should verify (adhering to national laws) the identity and specific attributes (if applicable) of the natural or legal entity receiving the certificate.

It also outlines the framework for the supervision and accreditation of QTSPs, emphasizing mutual recognition across EU states.

Core functions

The key responsibilities of CAs include:

Issuing digital certificates

A CA is responsible for issuing digital certificates — abiding by industry standards and best practices — to uphold trust in digital communications and transactions. It must verify the identity of the recipient and issue a certificate that securely links this identity to a public key.

Managing certificate lifecycles

After a digital certificate is issued, it must be managed throughout its validity period. This includes ensuring compliance with security policies, tracking usage and performance, verifying its legitimacy and revoking it if the private key is compromised or the subject's circumstances change, for example when an employee leaves their company.

Publishing certificate revocation lists

Certificate revocation lists (CRLs) are time-stamped lists with information about certificates revoked by the issuing authority before their scheduled expiration. Each entry includes a serial number that identifies a specific certificate and the reason for revocation.

The CA generates this list periodically and signs it with its private key to ensure integrity. CRLs are made available via secure communications channels, including websites and lightweight directory access protocol (LDAP) directories.
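
The issuance, signature verification and revocation steps described above, as an added Go example (not Signhost code and not part of the original article): it builds a constructed CA with the standard library, issues one certificate, verifies it using only the CA certificate, then creates a signed CRL and looks up the certificate's serial number and revocation reason. All names, serial numbers and validity periods are constructed for the demo, and `RevokedCertificateEntries` assumes Go 1.21 or later.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // abort the demo on any library error
	if err != nil {
		panic(err)
	}
	return v
}

// Demo reports: leaf verifies under the CA, CRL signature verifies, CRL reason for the leaf (-1 if unlisted).
func Demo() (chainOK, crlSigOK bool, reason int) {
	now := time.Now()
	caKey, subjKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	// Issuance: the CA's private key signs a certificate binding the subject name to the subject's public key.
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: "signer.example"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(12 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &subjKey.PublicKey, caKey))))
	// Relying party: only the CA certificate (public key) is needed to check that signature.
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, verifyErr := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	// Revocation: a time-stamped CRL, signed by the CA, lists the serial and reason (1 = keyCompromise).
	revoked := []x509.RevocationListEntry{{SerialNumber: leaf.SerialNumber, RevocationTime: now, ReasonCode: 1}}
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour), RevokedCertificateEntries: revoked}, ca, caKey))))
	reason = -1
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			reason = e.ReasonCode
		}
	}
	return verifyErr == nil, crl.CheckSignatureFrom(ca) == nil, reason
}

func main() { fmt.Println(Demo()) }
```

The certificate still passes signature and validity checks after it is revoked, so a relying party has to consult the CRL as a separate step.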

Types of certificates issued by CAs

· Digital signature certificates: Add a layer of security to online transactions and communications. They offer a means to validate the identity of the signer and ensure the integrity of the associated data.

· Code signing certificates: Used by software developers and publishers to sign their executable files and software components. They ensure the integrity of the code and allow end users to validate their software downloads.

· Email certificates: Allow entities to sign, encrypt and authenticate email communication, verifying the sender’s and intended recipient’s identities.

· Device certificates: Enable mutual authentication and secure connection between two devices via PKI.

*Disclaimer: This content does not constitute legal advice. The suitability, enforceability or admissibility of electronic documents will likely depend on many factors such as the country or state where you operate, the country or state where the electronic document will be distributed as well as the type of electronic document involved. Appropriate legal counsel should be consulted to analyze any potential legal implications and questions related to the use of electronic documents.