
A certificate is a name and public key bound by a signature. It identifies the owner of a public key.

A certificate identifies a name.

The signee is called a certificate authority (CA). The CA is often some big company, like VeriSign. With internal PKI, it can be any entity that nodes have been configured to trust.

A CA authenticates the identity claimed by a certificate.

A CA’s certificate can be signed by another CA, and so on. The last certificate in the chain is called a root certificate. Root certificates are trusted and stored locally. They’re usually shipped along with the OS.

There can be a chain of trust whereby one CA authenticates the next.

It's a tricky subject and I don't think it is really possible to get too far beyond "give me £100 for this SSL certificate" ... "because" ... sigh [fill in your own SSL related conversations with your PHB stupidity here]
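The chain of trust described in the comment above, as an added example that is not part of the original comment: a shell script that builds a root CA, an intermediate CA and a leaf certificate with the `openssl` CLI, then verifies the leaf with and without the intermediate. The names (`Demo Root CA`, `Demo Issuing CA`, `leaf.example.internal`) are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example. All names are constructed for illustration.
# Assumes the openssl CLI, version 1.1.1 or later.

# Create an EC key and a CSR for subject CN=$2, writing $1.key and $1.csr.
new_csr() {
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

# Build root -> intermediate -> leaf in a temp dir, then print the result of
# verifying the leaf with only the root, and with the intermediate supplied.
verify_chain_demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=critical,CA:FALSE\nsubjectAltName=DNS:leaf.example.internal\n' > leaf.ext

    # Root CA: self-signed. It is trusted only because we configure it as trusted.
    new_csr root "Demo Root CA"
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
        -days 30 -out root.pem 2>/dev/null
    # Intermediate CA: its name and public key are signed by the root.
    new_csr int "Demo Issuing CA"
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -extfile ca.ext -days 30 -out int.pem 2>/dev/null
    # Leaf: signed by the intermediate, not by the root.
    new_csr leaf "leaf.example.internal"
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
        -extfile leaf.ext -days 30 -out leaf.pem 2>/dev/null

    # Only the root is in the trust store; the chain cannot be built.
    if openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1
    then r1=ok; else r1=fail; fi
    # The intermediate is supplied as untrusted input; the root still anchors trust.
    if openssl verify -CAfile root.pem -untrusted int.pem leaf.pem >/dev/null 2>&1
    then r2=ok; else r2=fail; fi

    cd / && rm -rf "$dir"
    echo "root_only=$r1 root_plus_intermediate=$r2"
)

verify_chain_demo
```

The intermediate is passed with `-untrusted` because it is not trusted on its own; it is accepted only because its signature chains to the locally stored root.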


