About certificate authorities

A certificate authority (CA) is a third-party organization that verifies the information or identity of computers on a network, and issues digital certificates of authenticity. Certificate authorities usually have some kind of agreement with a financial institution that provides the information used to confirm an individual's identity. Digital certificates are used in a network security system to guarantee that the two parties exchanging information are really who they claim to be.

Depending on how a network's security system is configured, the certificate can include its owner's public key and name, the expiration date of the certificate, or other information. There are many certificate authorities on the internet, though VeriSign is the best-known example.

At Indiana University, the IU Certificate Authority offers SSL certificates to the IU community. For more, see Get an SSL certificate for your web server.

For a general discussion of web security, see W3C Security Activity.