If a user wants to get a certificate of his own, he should apply to CA first. After CA identifies the identity of the applicant, it assigns him a public key, and CA binds the public key with the identity information of the applicant, and after signing it, it forms a certificate and sends it to the applicant.

a ca also has a certificate (including a public key and a private key). Public users on the Internet trust CA by verifying its signature, and anyone can get CA's certificate (including public key) to verify the certificate issued by it. The contents of the certificate include: the information of the electronic visa authority, the information of the public key user, the public key, the signature of the authority and the validity period, etc.

extended information

certificate principle: the digital certificate is attached with the user information and the signature of the CA after the user's public key. The public key is one part of the key pair, and the other part is the private key. The public key is made public and anyone can use it. Only you know the private key. Information encrypted by a public key can only be decrypted by its corresponding private key.

To ensure that only one person can read his letter, the sender should encrypt the letter with the public key of the recipient; The recipient can decrypt the letter with his own private key. Similarly, in order to confirm the identity of the sender, the sender should sign the letter with his own private key; The recipient can use the sender's public key to verify the signature to confirm the sender's identity.

Baidu encyclopedia-ca certificate