An authority trusted by one or more users to create and assign public key certificates. Optionally the CA may create the user's keys. It is important to note that the CA is responsible for the public key certificates during their whole lifetime, not just for issuing them.
A certificate for one CA's public key issued by another CA.
A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. For example, a particular certificate policy might indicate applicability of a type of certificate to the authentication of electronic data interchange transactions for the trading of goods within a given price range.
The entity (person, organization, or server) whose public key is certified in the certificate.
An ordered sequence of certificates which, together with the public key of the initial object in the path, can be processed to obtain that of the final object in the path.
A statement of the practices which a certification authority employs in issuing certificates.
A CRL is a time stamped list identifying revoked certificates which is signed by a CA and made freely available in a public repository.
A person or resource that needs to have their public key certified.
Any autonomous element within the Public Key Infrastructure. This may be a CA, an RA, or an End-Entity.
In the context of a particular certificate, the issuing CA is the CA that issued the certificate (see also Subject certification authority).
A data structure containing the public key of an end entity and some other information, which is digitally signed with the private key of the CA which issued it.
An entity that is responsible for identification and authentication of certificate subjects, but that does not sign or issue certificates (i.e., an RA is delegated certain tasks on behalf of a CA).
A recipient of a certificate who acts in reliance on that certificate and/or digital signatures verified using that certificate. In this document, the terms "certificate user" and "relying party" are used interchangeably.
In the context of a particular CA-certificate, the subject CA is the CA whose public key is certified in the certificate
In the case of certificates issued to resources (such as web servers), the person responsible for the certificate for that resource. For certificates issued to individuals, same as certificate subject.