How do CAs and RAs work together?

As stated above, an RA is a subset of a CA, with the CA serving as the trusted source for securely signing, issuing, revoking, and storing certificates. An RA filters information on its way to the CA and serves as an intermediary between a certificate request and the CA, telling the CA which certificates can be issued. When users place requests for digital certificates, RAs verify the identity of requesters before forwarding the request to the CA. These requests are submitted to the RA as certificate signing requests (CSRs). The user’s identity is validated using information stored within the CSR, including the user’s public key and X.509 profile. Based on this information, the CA will validate the user’s identity, create a digital certificate with the user’s public key, sign the certificate with the CA’s private key, and return the signed certificate to the user, completing the signing process.
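The flow described above, as an added example in Go's standard `crypto/x509` package (not code from the original page): the RA checks that the CSR verifies under the public key it carries and that the requested subject matches the identity it verified, and only then does the CA sign with its own private key. The function names, the `verifiedCN` parameter, the `example.test` names, the throwaway "Demo CA" and the choice of Ed25519 keys are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA and newCSR build throwaway inputs, constructed for this example only.
func newCA() (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key) // self-signed root
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func newCSR(cn string) []byte {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // requester's key pair; the private half stays with them
	der, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
	return der
}

// enroll runs the RA checks, then the CA step; verifiedCN (assumed) is the identity the RA established.
func enroll(csrDER []byte, verifiedCN string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil { // RA: CSR must verify under the public key it carries
		return nil, fmt.Errorf("RA: CSR malformed or not signed by its own key")
	}
	if csr.Subject.CommonName != verifiedCN { // RA: requested name must match the verified identity
		return nil, fmt.Errorf("RA: subject %q is not the verified identity %q", csr.Subject.CommonName, verifiedCN)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, csr.PublicKey, caKey) // CA signs with its own key
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	ca, caKey := newCA()
	_, err := enroll(newCSR("mallory.example.test"), "alice.example.test", ca, caKey)
	fmt.Println(err) // the RA refuses to forward a CSR whose subject it did not verify
}
```

The CA never sees the requester's private key: the CSR's signature proves possession of it, and the issued certificate verifies only under the CA's public key.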

