Certificate Authority Guide: How CAs Issue and Revoke TLS Certificates
How certificate authorities work, the DV/OV/EV distinction, how Let's Encrypt changed the CA landscape, and CRL vs OCSP.
Published:
Tags: security, cryptography, certificates
Certificate Authorities: How the Web's Trust System Works The web's security model depends on a relatively small number of organizations — Certificate Authorities — whose root certificates are pre-installed in browsers and operating systems. When a CA signs a certificate for your domain, they are effectively vouching for you to every device that trusts their root. This distributed trust system has scaled to billions of devices and millions of websites, but understanding its mechanics and failure modes matters for anyone building or operating web services. What a Certificate Authority Does A CA is an organization that: Verifies the identity of certificate requesters Issues X.509 certificates binding public keys to identities Maintains certificate revocation infrastructure Operates under…
All articles · theproductguy.in