What Is a Certification Authority (CA)?
The Certification Authority (CA) issues certificates to Security Servers (authentication certificates) and to X-Road member organizations (signing certificates). The CA is an external service provider or component and is not part of the X-Road core.
Official documentation explaining how to add an approved CA to the Central Server is available at https://github.com/nordic-institute/X-Road/blob/develop/doc/Manuals/ug-cs_x-road_6_central_server_user_guide.md#111-adding-an-approved-certification-service.
The X-Road operator defines trusted CAs on the Central Server by:
Adding root and intermediate (optional) certificates.
Defining the OCSP responder URL of the CA.
Defining the certificate profile info provider Java class – a class that knows how to read/write the required information from/to certificates.
Every Certification Authority (CA) has a certificate profile that defines which information is stored in which fields of the certificate. More information about certificate profiles is available here.
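To make the "read/write" role of a certificate profile concrete, here is an added example that is not X-Road code and does not use the X-Road provider interface. It assumes a hypothetical profile in which the subject DN carries C = X-Road instance, O = member class and CN = member code; the class name, method names and sample values are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Added example, not X-Road code. Assumed field mapping for illustration only:
// C = X-Road instance, O = member class, CN = member code.
public class ExampleSignCertProfile {

    // "Write" side: the subject DN a signing certificate request would carry.
    static X500Principal subjectFor(String instance, String memberClass, String memberCode) {
        // Rdn.escapeValue keeps ',', '+' or '=' in a value from starting a new attribute.
        return new X500Principal("CN=" + Rdn.escapeValue(memberCode)
                + ",O=" + Rdn.escapeValue(memberClass)
                + ",C=" + Rdn.escapeValue(instance));
    }

    // "Read" side: recover {instance, memberClass, memberCode} from a certificate subject.
    static String[] memberIdFrom(X500Principal subject) throws InvalidNameException {
        Map<String, String> attrs = new HashMap<>();
        for (Rdn rdn : new LdapName(subject.getName(X500Principal.RFC2253)).getRdns()) {
            // Refuse multi-valued or binary RDNs and repeated attributes, so a second
            // O= or CN= cannot silently replace the value the CA vetted.
            boolean plain = rdn.size() == 1 && rdn.getValue() instanceof String;
            String type = rdn.getType().toUpperCase(Locale.ROOT);
            if (!plain || attrs.put(type, (String) rdn.getValue()) != null) {
                throw new InvalidNameException("unexpected RDN: " + rdn);
            }
        }
        String[] id = {attrs.get("C"), attrs.get("O"), attrs.get("CN")};
        for (String part : id) {
            if (part == null || part.isEmpty()) {
                throw new InvalidNameException("subject lacks C, O or CN: " + subject);
            }
        }
        return id;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values; the member code contains DN metacharacters on purpose.
        X500Principal subject = subjectFor("EE", "GOV", "Example, Org=1");
        System.out.println(subject.getName(X500Principal.RFC2253));
        System.out.println(String.join("/", memberIdFrom(subject)));
    }
}
```

The field mapping of a real CA comes from that CA's own certificate profile, so the attribute names checked here would change accordingly.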
From X-Road's point of view, a trusted CA may be:
A commercial, globally trusted CA.
Any self-hosted CA fulfilling X-Road's technical requirements, e.g. EJBCA open source software.
However, the type of CA (globally trusted vs. self-hosted) may affect the legal value of the Security Server message logs.