To apply for CA certificate, you need to submit an application to the applicant of CA certificate first, and then you can get the allocated public key after determining the applicant, that is, the application is successful.

CA(Certificate Authority) is issued by the service provider of a certification body, which is the technical basis of digital signature and the proof of the identity of an online entity. It can prove the identity of the entity and the legitimacy of its public key, and prove the matching relationship between the entity and the public key.

A certificate is the carrier of the public key, and the public key on the certificate is bound to the entity identity. At present, the PKI mechanism for signing the certificate line is generally a double certificate mechanism, that is, an entity must have two certificates and two key pairs, one of which is an encryption certificate and the other is a signing certificate. In principle, the encryption certificate cannot be used for signing.

CA certificate installation

In many cases, it is not necessary to install a CA certificate. By default, CA certificates for most operating systems are installed. These default CA certificates are issued by well-known commercial certificate authorities (such as Go Daddy or Veri Sign). Therefore, if a device needs to trust an unknown or local certificate authority, it only needs to install a CA certificate.

There is no real standard process for downloading and installing CA certificates. The method adopted depends on many factors, such as the type of server used as the certification authority, the configuration mode of the certification authority, and the operating system used on the device where the CA certificate is installed.

If the Windows server is configured as a certificate authority, in general, the administrator can generate and download certificates through the Web interface.