certification authority (CA)

The Certification Authority (CA) is responsible for creating, issuing, managing and revoking digital certificates and acts as a trusted third party (TTP) within a public key infrastructure (PKI). Upon request of a subscriber (ZN) and after verification of uniqueness, the Certification Authority generates a key. A public certification authority issues digital certificates, signs public keys and publishes them in the directory. It vouches for the identity of users or code processes in the infrastructure. The digital certificates ensure secure communication on the Internet. These electronic documents certify the authenticity of the public key and the digital signature. In addition, the certification authority maintains certificate revocation lists (CRL), in which it lists revoked and invalid certificates, and it returns status information about individual certificates in response to OCSP (Online Certificate Status Protocol) requests. Without identity assurance, man-in-the-middle attacks are possible, which can lead to data loss, security breaches, money theft, or other problems.

Trusted Entities

Organizations and businesses can have their own private certificate authorities or access a commercial certificate authority. A private certificate authority works exclusively for an organization or company to issue certificates for internal servers and users. These certificates are not publicly trusted and therefore should not be used outside of the corporate infrastructure. With private certificate authorities, users trust the devices and processes on the organization's network. A previously commonly used directory for private certificates was Microsoft's Active Directory (AD). Private certificate authorities are used for intranet sites, Virtual Private Networks (VPN), Internet of Things (IoT) projects, and secure communications between internal services, among others.

