What is CA certificate, and why do we need it?

by

A CA certificate is a digital certificate issued by a certificate authority (CA), so SSL clients (such as web browsers) can use it to verify the SSL certificates sign by this CA.

For example, stackoverflow.com uses Let’s Encrypt to sign its servers, and SSL certificates sent by stackoverflow.com mention they are signed by Let’s Encrypt.
Your browser contains the CA certificate from Let’s Encrypt and so the browser can use that CA certificate to verify the stackoverflow’s SSL certificate and make sure you are indeed talking to real server, not man-in-the-middle.

https://security.stackexchange.com/a/20833/233126 provides a more detail explanation about how TLS/SSL certificates work.

More Related Contents:

  1. How can I generate a self-signed certificate with SubjectAltName using OpenSSL? [closed]
  2. How to generate a self-signed SSL certificate using OpenSSL?
  3. Are HTTPS URLs encrypted?
  4. How to get .pem file from .key and .crt files?
  5. Installation SSL in wamp server: Error in httpd-ssl.conf
  6. node.js, socket.io with SSL
  7. NGINX to reverse proxy websockets AND enable SSL (wss://)?
  8. SSL Connection / Connection Reset with IISExpress
  9. WebSocket with SSL
  10. Docker container SSL certificates
  11. “verify error:num=20” when connecting to gateway.sandbox.push.apple.com
  12. SSL Multilevel Subdomain Wildcard
  13. Can you use a service worker with a self-signed certificate?
  14. How to install OpenSSL in windows 10?
  15. Adding a self-signed certificate to iphone Simulator?
  16. CNAME SSL certificates
  17. curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
  18. How to Get SSL Certificate to Work With Localhost on Firefox
  19. Connecting to a Websphere MQ in Java with SSL/Keystore
  20. OpenSSL: unable to verify the first certificate for Experian URL
  21. Webpack Dev Server running on HTTPS/Web Sockets Secure
  22. Programmatically Configure SSL for Jetty 9 embedded
  23. Enable TLSv1.2 and TLS_RSA_WITH_AES_256_CBC_SHA256 Cipher Suite
  24. SSL errors using MailChimp’s API
  25. Google App Script – MySql 8 – JDBC Connection Failed
  26. Self-signed SSL Cert or CA? [closed]
  27. curl: Unknown error (0x80092012) – The revocation function was unable to check revocation for the certificate
  28. Generating client side certificates in browser and signing on server
  29. Jenkins Windows slave connection getting terminated with java.nio.channels.ClosedChannelException
  30. PayPal IPN acknowledgements failing with SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Leave a Comment