Certificate Authority (CA)
Digital certificates provide communicating parties with the assurance that the people they are communicating with truly are who they claim to be. Digital certificates are essentially endorsed copies of an individual’s public key. When users verify that a certificate was signed by a trusted certificate authority (CA), they know that the public key is legitimate.
Certificate authorities (CAs) are the glue that binds the public key infrastructure together. These neutral organizations offer notarization services for digital certificates. To obtain a digital certificate from a reputable CA, you must prove your identity to the satisfaction of the CA.
An organization can set up an internal CA. However, the certificates issued by a CA are only as good as the trust placed in the CA that issued them.
PKI relies on a hierarchy of trust relationships. If you configure your browser to trust a CA, it will automatically trust all of the digital certificates issued by that CA. Browser developers preconfigure browsers to trust the major CAs to avoid placing this burden on users.
Hardware Security Modules (HSM)
Hardware Security Modules are dedicated hardware devices designed and built solely for securing the generation, management, deployment and storage of the most sensitive cryptographic primitives needed to securely set up and deploy a public key infrastructure. The highly virtualized and complex nature of modern IT infrastructures makes it even more important to know where and how your cryptographic key material is safeguarded, especially in light of the trends in modern-day PKIs.