Certificate Authority (CA)
What is Certificate Authority (CA)?
A Certificate Authority (CA) is a trusted third-party organization that issues digital certificates. These certificates serve as digital identity cards — they bind a person's or organization's identity to a cryptographic public key, allowing others to trust that a digital signature was created by the claimed signer.
The CA verification process typically involves confirming the applicant's identity through documentation, government records, or other verification methods. Once verified, the CA issues a digital certificate that contains the subject's name and identifying information, their public key, the CA's own digital signature (vouching for the certificate's authenticity), the certificate's validity period, and revocation information.
Certificate authorities operate in hierarchies. A root CA sits at the top, signing the certificates of intermediate CAs, which in turn sign end-user certificates. This chain-of-trust model means that a verifier only needs to trust the root CA to verify any certificate in the hierarchy. Major root CAs are pre-trusted by operating systems and web browsers.
In the eIDAS framework, Qualified Trust Service Providers (QTSPs) are a special category of CAs that have been audited and approved by national supervisory bodies. Only QTSPs can issue qualified certificates for qualified electronic signatures, which carry the highest level of legal assurance. EU member states maintain trusted lists of approved QTSPs.
How zipzipdoc handles this
zipzipdoc works with established certificate authorities and trust service providers to ensure that the cryptographic certificates underlying our signatures are trustworthy and verifiable. For organizations requiring qualified electronic signatures, our platform integrates with qualified trust service providers recognized under eIDAS.
Ready to streamline your document signing?
Try zipzipdoc free and experience the most welcoming way to sign documents.
Get Started Free