In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates attesting to the ownership of a public key for message encryption. In public key infrastructure (PKI) schemes, this allows others (relying parties) to rely upon signatures made by the private key that corresponds to the certified public key. Trust is essential in the relationship between the CA, acting as a trusted third party, the subject (owner) of the certificate, and the user relying upon the certificate.
Apart from commercial CAs, some providers, such as CAcert, issue digital certificates to the public free of charge. It is not unusual for institutions or government entities to have their own public key infrastructures as well as their own CAs. In general, sites using self-signed certificates also act as their own CA. Some certificate authorities allow for addition or removal of CA certificates at any time. CA certificates last much longer than server certificates, which may be a factor when deciding whether to trust a CA or to confirm a security exception when the server’s certificate is renewed.