An entity that issues a digital certificate to an SSL seeker is called a certificate authority (CA). As part of a public key infrastructure, the CA checks the credentials or information provided by the SSL seeker with a registration authority (an authority that verifies the SSL seeker’s request and tells the CA to issue the certificate). If the registration authority verifies the information, the CA issues a digital certificate to the requester.
The certificate includes website owner information, the public key, the certificate expiry date, the owner’s name, and other information depending upon the type of SSL certificate. When a server performs a handshake with the client’s browser, the client tries to verify the signature against its list of CAs. Web browsers come with pre-installed lists of CAs.
Figure 1: List of Certificate Authorities in Chrome
If the browser does not have the CA in its list, it will show a warning that a reputed certificate authority has not signed the certificate.
Figure 2: The site’s security certificate is not trusted!
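The trust-list check described above, as an added example that is not part of the original article: it creates two throwaway CAs with the `openssl` command-line tool, places only one of them in the trust list, and verifies a server certificate issued by each. All CA names, host names and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: "Demo Trusted CA", "Demo Unlisted CA" and www.example.test
# are made-up names. Requires the openssl command-line tool.

# Create a self-signed CA certificate. $1 = file prefix, $2 = CA name.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=$2/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Issue a server certificate signed by a CA.
# $1 = CA file prefix, $2 = host name, $3 = output file prefix.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3.key" -out "$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$3.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$3.pem" 2>/dev/null
}

# The client-side check: does the certificate's signature chain to a CA
# in the trust list? $1 = trust list (PEM bundle), $2 = server certificate.
check_trust() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# Two sites, two CAs, but only one CA is in the client's list.
demo() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" &&
      make_ca known "Demo Trusted CA" &&
      make_ca unknown "Demo Unlisted CA" &&
      issue_cert known www.example.test site_a &&
      issue_cert unknown www.example.test site_b &&
      cp known.pem trust_list.pem &&
      echo "site_a: $(check_trust trust_list.pem site_a.pem)" &&
      echo "site_b: $(check_trust trust_list.pem site_b.pem)" )
    rm -rf "$dir"
}

demo
```

The second certificate is well formed and correctly signed; it is reported as untrusted only because its issuing CA is absent from the list, which is the condition that triggers the browser warning.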
Many reputed certificate authorities, such as AlphaSSL, RapidSSL, GeoTrust, Thawte, Comodo, Symantec and GlobalSign, offer different types of SSL certificates in the market, verified by 99% of web browsers. When the server has an SSL certificate from one of the above CAs installed, the browser will not show a warning and makes a secure connection. Each certification authority has its own identification prerequisites and validation processes for issuing a certificate.