Open SSL certificate authority Statement: This is just a study notes in order to understand the Open SSL and some relating concepts. A lot of contents in this article are copied from Jamie Nguyen’s blog OpenSSL Certificate Authority Article summary(without Certificate revocation lists) The following graph summarizes the relationship between different keys and certificates. Certificate authority A certificate authority (CA) is an entity that signs digital certificates. Many websites need to let their customers know that the connection is secure, so they pay an internationally trusted CA (eg, VeriSign, DigiCert) to sign a certificate for their domain. In some cases it may make more sense to act as your own CA, rather than paying a CA like DigiCert.