CA is an entity trusted by both communication parties in PKI system, also known as TTP. CA verifies other people's public key information through certificates signed by CA. If the user loses money because of trusting the certificate, the certificate can be used as effective evidence to investigate the legal responsibility of CA. It is precisely because CA is willing to give a commitment to take responsibility that it is also called a trusted third party. In many cases, CA and users are independent entities. As a service provider, CA may bring losses to users due to service quality problems (such as incorrect published public key data). The certificate binds the public key data and the identity information of the corresponding private key owner, and has the digital signature of CA. The certificate also contains the name of the CA, so that relying parties can find the public key of the CA and verify the digital signature on the certificate.

After users have CA self-signed certificates, they can verify the validity of all other end-user certificates offline, obtain the public keys of other entities, and conduct secure communication.

CA(Certificate Authority) is also the abbreviation of digital certificate certification center, which refers to the institution that issues, manages and revokes digital certificates. The role of CA is to check the legitimacy of the identity of certificate holders, issue certificates (sign certificates), prevent certificates from being forged or tampered with, and manage certificates and keys.

A digital certificate is actually a record stored in a computer, and it is a statement issued by a CA, which proves the unique correspondence between the certificate subject (the certificate applicant becomes the certificate subject after owning the certificate) and the public key contained in the certificate. The certificate includes the name and relevant information of the certificate applicant, the applicant's public key, the digital signature of the CA that issued the certificate and the validity period of the certificate. The function of digital certificate is to make the two parties in online transactions verify each other's identities and ensure the security of e-commerce.

You should understand this. It is to bind the bank card with your CA (certificate stored on the U shield) so as to conduct transactions safely on the Internet.