CA (Certificate Authority or Certification Authority)
- is a Trusted Intermediary that:
- holds a public-private key pair
- uses its own private-key to issue/sign a:
- Certificate Signing Request (CSR) which then becomes a TLS Certificate
- Certificate Revocation List (CRL)
- to verify whether a CSR or CRL was signed by a CA, we use the CA’s public-key. All trusted CA public-keys come pre-package in the operating system