Root Certification Authority

What is a Root Certification Authority (Root CA)?

A root certification authority (Root CA) is a trusted public entity that issues digital certificates for identity verification and secure communication over the internet. Certification authorities are broadly categorized into Root CAs and Intermediate CAs.

A Root CA can authenticate its own legitimacy and issue certificates to other certification authorities, making it the highest tier of certification. In contrast, Intermediate CAs cannot prove their own validity and require authentication from a higher-level certification authority. A certificate used by a Root CA to prove its own legitimacy is called a root certificate, while a certificate issued by a higher-level authority to authenticate an Intermediate CA is called an intermediate certificate.

Certification authorities consist of the following components:

• Registration Authority (RA): Evaluates ownership information submitted by applicants for digital certificates.
• Issuing Authority: Issues and revokes digital certificates based on requests from the RA.
• Repository: Manages and provides information about the CA and the validity of digital certificates, including downloadable root and intermediate certificates.

Publicly recognized digital certificates must be issued by publicly recognized certification authorities, referred to as public CAs. Conversely, organizations or individuals can establish their own CAs following custom operational standards, known as private CAs. While certificates issued by private CAs are not publicly recognized as valid, they are commonly used for organizational purposes, such as user authentication within specific systems (e.g., using client certificates).