Providing confidentiality and trust

Issuing certificates to organizations

Managing certificate revocation lists (CRLs)

Creating a hierarchy of multiple CAs

Issuing digital certificates

Managing certificate attributes

Determining the validity of certificates in real-time

Creating a hierarchy of CAs

Registration Authority (RA)

Intermediate CA

Issuing CA

Root CA

Serial number and signature algorithm

Public key and OCSP responder details

Common name and organization details

Private key and certificate attributes

Covering multiple domains with one certificate

Proving the legitimacy of an application

Validating an organization's legal existence

Identifying and validating specific users or computers

Root Certificate

Code Signing Certificate

Wildcard Certificate

Subject Alternative Name (SAN)

Issued by Certificate Authorities (CAs)

Used for secure, encrypted emails

Requires thorough organization validation

Do not provide the same protection and security as CA-validated certificates