11.2.3. Creating and managing certificates

When an organization wishes to create a certificate, it has to perform the following:

The CA has the following functions:

  • Checks the identity of everyone requesting a certificate.

  • Confirms the identity of a user with the CA's signature.

  • Monitors the validity of issued certificates (see Section 11.2.4, CRLs below).

Tip

To be used efficiently over the Internet, certificates need to be signed by well-known Certificate Authorities, but this is not required if they are used only locally within an organization. In such cases, the organization can create its own local (internal) CA and sign this CA's certificate itself. This CA, having a self-signed certificate, becomes the local root CA and can then be used to sign the certificates that are used only internally.
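
The local CA described in the tip above, as an added example that is not part of the original documentation: the shell functions below use the openssl command-line tool to create a self-signed root CA, sign a host certificate with it, and check which root a certificate chains to. The organization name, host names and file layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: a local root CA that signs a certificate for internal use.
# Names such as "Example Org" are constructed; requires the openssl CLI.

# Minimal config so the example does not depend on the system openssl.cnf.
write_config() {    # $1 = CA directory
    mkdir -p "$1" && cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# Root CA: the certificate is signed with its own private key (self-signed).
make_root_ca() {    # $1 = CA directory, $2 = CA common name
    write_config "$1" &&
    openssl req -x509 -config "$1/ca.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example Org/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Leaf: the host creates a key and a request, and the local CA signs the request.
issue_cert() {      # $1 = CA directory, $2 = host name
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" > "$1/$2.ext" &&
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to the given root certificate.
chains_to() {       # $1 = root certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Succeeds only if subject and issuer match and the signature verifies with its own key.
is_self_signed() {  # $1 = certificate
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] && chains_to "$1" "$1"
}
```

After `make_root_ca ./ca "Example Internal Root CA"` and `issue_cert ./ca host.internal.example`, only `ca.crt` needs to be installed as a trusted root on the internal clients; `ca.key` stays on the CA host, since anyone holding it can issue certificates those clients will accept.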