A Certificate Authority is a trusted third party entity that issues digital certificates and manages the public keys and credentials for data encryption for the end user. The responsibility of the CA in this process is to ensure that the company or user receives a unique certificate for an efficient identity authentication.
As part of a public key infrastructure (PKI), a CA checks with a Qualified Information Source (QIS) to verify the data supplied by the applicant, before issuing the digital certificate.
Normally, the CAs have partnerships with financial organizations like the credit reporting agencies to help them with the process of business and identity authentication of the applicants. CAs are a critical component in the field of data security and electronic commerce, because they guarantee that the two parties exchanging the information are really who they claim to be.
Server administrators and website owners are the customers of a CA. These customers require certificates, which their servers can be configured to use for secure communication with their visitors. These customers expect the certificates issued by their CAs to be included with most of their web-servers to establish a smooth and secure connection with the certified servers. The number of web and mobile browsers and applications trusting a particular CA is said to be its ‘compatibility’ or ‘ubiquity’. The CA/Browser Forum is self-regulated industry body that has developed extensive guidelines for CA trust.
Trusted Certificate Authorities:
There are two type of Certificate Authorities, mostly divided into two sectors: regional and global providers, who operate in their respective home markets, since certificate validation can often be affected by the local law and regulations of the area. However, it’s the handful of multinational CAs who have the real hold on the market for SSL certificates. There are about 50 Certificate Authorities available in the global SSL market.
Here is the list of some of the largest certificate authorities in the market:
- Comodo with 40.7%
- Symantec (which bought VeriSign’s SSL operations and owns Thawte, GeoTrust, and Rapid SSL) with 28.1% market share
- Go Daddy with 12.5%
- GlobalSign with 9.4%
- Digicert with 3.1%
- StartCom with 2.2%
- Entrust with 0.7%
- Unizeto with 0.4%
How to get SSL from Certificate Authority?
SSL Certificate Authorities offers domain validated SSL, organization validated SSL, extended validated SSL, wildcard SSL, Multi domain SSL, code signing, email signing, document signing certificates to their customers. To get SSL from authority a customer can contact directly to the authority or else he can find resellers of their authority. Contacting the resellers will help customer to save a good amount of money because as per our analysis SSL resellers are offering any SSL certificate on discounted price than Certificate authority’s actual price.
Now after applying for SSL certificate, the very next process is to generate the Certificate Signing Request (CSR). Once you finish the CSR Generation process, CA will provide you the private key in cryptographic form. Now store the both CSR and private key.
One a apply to issue SSL Certificate of any of these authority, whether is a domain validation, organization or extend validation the Certificate Authority will ask for documents from him. In case of domain validation, the verification will be done automatically within minutes without any kind of paper work. But in case of organization validation, extended validation and code signing certificate, the verification process takes up to 10 days as the authority need to verify all the business related documents. Once the certificate authority completes the verification process, it the documents submitted by issuer meet the requirement of CA, the certificate will be issuer, and it not than the issuer need to submit documents again.
Documents required from Certificate Authority
- SSL Documents for Domain Validation
- SSL Documents for Organization Validation
- SSL Documents for Extended Validation
- Documents for Code Signing Validation
More About SSL