A Certification Authority (CA) is a trusted third-party that vouches for the identity of individuals and organizations. Essentially the certificate authorities maintain a large database of public keys which are distributed as requested.

Normally a CA certificate is embedded in the application, or is located in a trusted database. When a certificate is presented, the Distinguished Name (DN) is used to lookup the certificate containing the public key that signed the certificate. If the presented certificate is valid, the certificate used to verify the signature must be checked. This operation continues recursively until a certificate that is trusted is read.