Leviathan

Certificate Authority

What is a Certificate Authority?

Certificate Authorities are a critical service in a network.

A Certification or Certificate Authority (CA) creates and issues:

  • digital certificates
  • public-private key pairs
  • Certificate Revocation Lists (CRLs).

Digital certificates issued by the CA are digitally signed, which binds the subject name (i.e. the Subscriber identity) to the public key.

Its role is to guarantee that the entity, individual or device granted the certificate is in fact who or what they claim to be.

Why do we use a CA?

A CA provides services such as:

  • Publication of certificates
  • Lists of revoked certificates
  • Verification of validity of Certificates.
    • Compliant certificates
    • Implements certificate profiles
    • Maintains the link between the certificate request and the issued certificate
    • Checking of revocation information to ensure that the certificate remains trusted and has not been revoked

The CA is a trusted third party that is responsible for physically verifying the legitimacy of the identity of an individual or organisation before issuing the digital certificate.

Functions of a CA

CAs are vital to security. They perform the following functions.

Manages Signing of Certificates

Ensures the certificates are compliant with the chosen profile before signing any certificate received via the certificate signing request.

Manages the Revocation of Certificates

The Leviathan CA can also revoke certificates.

Verifies Identity

The CA ensures the verification of requests against profiles before signing.

Issues the Digital Certificate

Generates and Maintains the Certificate Revocation List (CRL)

CA Features

Profile Enforcement

Leviathan CA implements certificate profiles. Profiles are configurable indirectly via the Jellyfish User Interface.

Data Management

Limits the management of stored data to authorised users only.

Certificate Revocation

Manages the revocation of certificates, including the revocation status and reason.

Public Key Protection 

Protects the public key used by the CA against undetected modification through the use of a digital signature, which is verified upon each access of the key.

Private/Secret Keys Protection

The private/secret key used for certificate signing is protected by a Hardware Security Module (HSM).

Administrator Role

The CA administration role is configured within Jellyfish. The Jellyfish user interface allows users to configure and manage certificate profiles, key management, CRL configuration, allowed algorithms and workflows for certificate issuance.

CA Benefits

Sensitive Data Protection

Protects identity, contact and evidence of identity information. Restricts the ability to destroy sensitive data and limits the management of stored data to authorised users only.

Audit Records

The Audit Records log all interactions with the CA by user identity, time, date and action. The Audit Role can read all information from the logs. The audit log prevents unauthorised access and protects its data from modification or deletion. It can be archived for long-term retention.

Data Recovery

Ability to store state and recover to a previous state at the direction of an administrator. Keys can be backed up and recovered to ensure recoverability of the CA.

Data Management 

Jellyfish and Leviathan limit the management of stored data to authorised users only.

Internal Transfer Protection 

Session Locking Mechanisms

Sessions can be configured to lock and end if the user has been inactive for a configured period of time. The user must re-authenticate to continue using the session. This mitigates the risk of unattended sessions being hijacked.
