What is CA certificate, and why do we need it?

A CA certificate is a digital certificate issued by a certificate authority (CA), so SSL clients (such as web browsers) can use it to verify the SSL certificates sign by this CA.

For example, stackoverflow.com uses Let’s Encrypt to sign its servers, and SSL certificates sent by stackoverflow.com mention they are signed by Let’s Encrypt.
Your browser contains the CA certificate from Let’s Encrypt and so the browser can use that CA certificate to verify the stackoverflow’s SSL certificate and make sure you are indeed talking to real server, not man-in-the-middle.

https://security.stackexchange.com/a/20833/233126 provides a more detail explanation about how TLS/SSL certificates work.

Leave a Comment