| What is a Certification Authority (CA)? |
|
|
|
|
Not just anybody can issue trusted SSL Certificates. If they could then
there would be no trust in SSL - and it could no longer be used
commercially. Instead only Certification Authorities, or CAs as they
are commonly known, can issue trusted SSL Certificates.
CAs have generally invested in establishing the
technology, support, legal and commercial infrastructures associated
with providing SSL certificates. Even though CAs are essentially
self-regulated, the nearest to a regulatory body is the WebTrust
compliancy program operated by AICPA/CICA. The majority of CAs comply
to the WebTrust principles, however some CAs do not have WebTrust
compliance. Those CAs who are WebTrust compliant display the WebTrust
Seal, as seen below. 
The WebTrust Seal of assurance for Certification Authorities symbolizes to potential relying parties [e.g. to the end customer] that a qualified practitioner has evaluated the CA's business practices and controls to determine whether they are in conformity with the AICPA/CICA WebTrust for Certification Authorities Principles and Criteria. An unqualified opinion from the practitioner indicates that such principles are being followed in conformity with the WebTrust for Certification Authorities Criteria. These principles and criteria reflect fundamental standards for the establishment and on-going operation of a Certification Authority organization or function. |
| < Prev | Next > |
|---|
