In the previous post, we touched on the digital certificate concept, discussing what a digital certificate is and what it is used for.
In case you missed that, you can click here to go to that post.
This post talks about certificate authorities and their use in Blockchain.
What is a CA (Certificate Authority)?
A certificate authority is a trusted entity that issues digital certificates to individuals, organizations or any other entities, which they use for secure communication.
These certificates are mainly used for SSL connectivity: when you access a website over HTTPS, that website is using an SSL certificate to make the communication secure.
A certificate authority is part of PKI (public key infrastructure), which we will discuss in our next post.
Examples of Certificate Authorities
Below are some examples of certificate authorities.
How is a Certificate Authority related to Blockchain?
A Blockchain network comprises many nodes linked together. In Hyperledger Fabric in particular, a certificate authority issues a certificate to each node so that the node can participate in the network and communicate securely.
In a Hyperledger Fabric Blockchain network, every company can have its own CA (certificate authority) instead of sharing a common CA.
Types of CA
A CA (Certificate Authority) can mainly be of two types.
- Root CA
- Intermediate CA
What is a Root CA?
A Root CA is the topmost Certificate Authority (CA) in a CA hierarchy, as you can see in the diagram above.
A Root CA and an Intermediate CA are always in a parent-child relationship.
The diagram below shows the Root CA for google.com.
What is an Intermediate CA?
An intermediate Certificate Authority (CA) is a CA that is subordinate to another CA (Root CA or another intermediate CA) and issues certificates to other CAs in the CA hierarchy. Intermediate CAs are usually stand-alone offline CAs like root CAs.
The diagram below shows the Intermediate CA for google.com.
Why do we need an Intermediate CA?
The simple answer is heavy workload. A Root CA can't issue thousands of certificates itself, so it delegates the work to Intermediate CAs, which issue the certificates. This delegation is known as the chain of trust.