Certificate Authorities

In addition to the server and client authentication certificates issued by Certificate Server, there are certificates that identify Certificate Authorities (CAs).

The CA certificate is a signature certificate that contains a public key used to verify digital signatures. It identifies the CA that issues server or client authentication certificates to the servers and clients that request these certificates. Clients use the CA certificate of the CA issuing the server certificate to validate the server certificate. Servers use the CA certificate of the CA issuing the client certificate to validate the client certificate.

A self-signed CA certificate is also called a root certificate because it is the certificate for the root CA. The root CA must sign its own CA certificate because by definition there is no higher certifying authority to sign its CA certificate.

CA certificates are not requested and issued in the same manner as a server and client authentication certificates. Server and client authentication certificates are unique for each requesting server and client, and are not shared—they must be generated and issued by a CA upon demand. In contrast, the CA certificate does not require issuance upon demand. Instead, it is created once and then made readily available to all servers or client who request certificates from the CA.

The commonly applied technique for distributing CA certificates is to place them in a location known and accessible to anyone who requests certificates from the CA.

In the Certificate Log Administration Web page, click Form View to view the data for the currently selected certificate. You can also click on the certificate's link in the far-left column of the list view or double-click anywhere on the certificate entry.

Viewing Certificates with the Filter

In the Certificate Form Viewer Web page, click Filter to enter filter criteria for viewing certificates with the filter. Click Apply to apply the filter criteria, and then click List View to return to a list of certificates that match the filter criteria.