Question

What is a Certificate Authority (CA)?

Internet Security means not just making sure that data is not intercepted or corrupted, but that a computer user is who they say they are. Just as in real life you may need a passport from a trusted source to prove who you are, a Certificate Authority server can be set up to issue certificates to prove who people are online.

A Certificate Authority is an organization or individual that provides certificates and a mechanism for verifying their authenticity. Large companies such as Microsoft issue certificates to guarantee downloaded software, and companies like Verisign provide a similar service to companies who do not want to run their own Certificate Authority.

Internet users should be cautious about accepting certificates. If you are unexpectely confronted with a pop-up request to "trust certificates from such-and-such a company" the safest and easiest thing to do is to click No. Even Microsoft certificates have been faked. Users are sometimes concerned receiving messages that "certificates have expired", however this just means the default valid period for the certificate is over — not that you are suddenly at any risk.

Individuals can also run Certificate Authorities, for example for generating keys to exchange between VPN computers. In late 2003 WPA security will be introduced on new network equipment to replace WEP, it also can make use of Certificate Authorities. Verisign and Microsoft are good sources of information, and this Window IT Library article clearly describes Certificate Authorities in detail.

Doc ID: N101016.asp