What is a Certificate Authority (CA)?
D3 · Architecture · CompTIA Security+ SY0-701
A Certificate Authority (CA) is a trusted entity in a PKI (Public Key Infrastructure) that issues, manages, and revokes digital certificates. A certificate binds a public key to an identity (person, server, organization).
Root CA → signs Intermediate CA certificates
Intermediate CA → signs end-entity (leaf) certificates
End-entity cert → the cert your browser checks for HTTPS
If a root CA is compromised, all certificates in the chain are untrusted. This is why root CAs are kept offline (air-gapped).