The CA is a trusted entity with the task of authenticating cryptographic keys (see Certificate). It is an important component of a PKI. More precisely, a certification authority (CA) issues certificates. It confirms the correctness of the data contained in the certificate by means of its digital signature. Typically, this is the name of the key holder and other attributes that identify him, the key holder’s public key, its validity period, and the name of the certification authority. After a certificate has been issued, the certification authority must offer the option of revoking the certificate again and provide revocation lists (CRLs) for this purpose if information in the certificate becomes invalid. This applies in particular if secret keys of the key holder have become known.
