Certification Authority

from Wikipedia, the free encyclopedia
Figure: c't crypto campaign at CeBIT 2006

A certification body is generally an organization that carries out certifications in certain areas (for example industrial service, management systems, product certifications and tests) and, if the test is passed, issues a corresponding certificate or test sticker. Examples in Germany are DQS, the various TÜVs, Dekra and similar organizations.

Notified bodies issue certificates for EU conformity assessment procedures that have been carried out successfully in accordance with EU guidelines.

Certification authority for digital certificates

In information security, a certification authority (also certificate authority, CA for short) is an organization that issues digital certificates. A digital certificate is used to assign a specific public key to a person or organization. The certification authority authenticates this assignment by applying its own digital signature to it.

The digital certificates contain “keys” and additional information that is used for authentication, as well as for encryption and decryption of confidential data that is distributed over the Internet and other networks. Additional information includes, for example, the period of validity, references to certificate revocation lists, etc., which are included in the certificate by the CA.

The task of a certification authority is to issue and verify these digital certificates. It is responsible for providing, assigning and ensuring the integrity of the certificates it issues. It thus forms the core of the public key infrastructure.

A certification authority can be a special company or an institution within a company that has installed its own server (for example with OpenSSL). Public organizations or government agencies can also serve as certification bodies, for example the Federal Network Agency in Germany.
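
The issuance steps described above, carried out with the OpenSSL command-line tool as an added example (not part of the original article): a throwaway CA signs a certificate for a subscriber's public key, and verification succeeds only against that CA's certificate. The names Example Root CA, Other Root CA and www.example.test, the CRL URL and the ca_demo_* function names are constructed for illustration, and the openssl CLI with its default configuration file is assumed to be installed.

```shell
#!/bin/sh
# Added example: a throwaway private CA built with the openssl CLI.
# All subject names and the CRL URL below are constructed sample values.

ca_demo_setup() {
    dir=$1
    # 1. CA key pair plus self-signed CA certificate (the trust anchor).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Subscriber key pair and certificate signing request (CSR).
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    # 3. Additional information the CA puts into the certificate:
    #    the holder is not itself a CA, and where the revocation list lives.
    printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
        'crlDistributionPoints=URI:http://crl.example.test/root.crl' \
        > "$dir/leaf.ext"
    # 4. The CA signs subject name, public key, validity period and extensions.
    openssl x509 -req -in "$dir/leaf.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 7 -extfile "$dir/leaf.ext" \
        -out "$dir/leaf.crt" 2>/dev/null || return 1
    # 5. An unrelated CA, to show that signatures are not interchangeable.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Other Root CA" \
        -keyout "$dir/other.key" -out "$dir/other.crt" 2>/dev/null || return 1
}

# Succeeds only if certificate $2 chains to the trust anchor $1.
ca_demo_verify() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints issuer, subject and validity period of certificate $1.
ca_demo_show() {
    openssl x509 -in "$1" -noout -issuer -subject -dates
}

# Usage: d=$(mktemp -d); ca_demo_setup "$d"; ca_demo_show "$d/leaf.crt"
#        ca_demo_verify "$d/ca.crt" "$d/leaf.crt" && echo "trusted"
```

Verification here checks only the signature chain and validity period; the CRL location is recorded in the certificate but is not fetched unless revocation checking is requested separately.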

In Germany, for the issuance of advanced electronic certificates in accordance with Section 2 number 2 of the Signature Act (SigG) or for qualified electronic signatures in accordance with Section 2 number 3 of the Signature Act, additional statutory requirements must be met. In particular, the issuers of the certificates are subject to supervision by the Federal Network Agency in order to guarantee the reliability and integrity of these certificates in legal transactions. For example, the applicant for such a signature must personally identify himself to an approved body using his identity card so that such an electronic certificate can be issued to him. The data centers operated by the issuers must be particularly secure and thus meet high security requirements.
