Certification Authority (CA)
The potential problem with certificates is determining which entity the public key refers to. Certificates solve this problem by ensuring each certificate is signed by an entity that is either directly or indirectly trusted.
A Certification Authority (CA) is a trusted third-party that vouches for the identity of individuals and organizations. Essentially the certificate authorities maintain a large database of public keys which are distributed as requested.
Normally a CA certificate is embedded in the application, or is located in a trusted database. When a certificate is presented, the Distinguished Name (DN) is used to lookup the certificate containing the public key that signed the certificate. If the presented certificate is valid, the certificate used to verify the signature must be checked. This operation continues recursively until a certificate that is trusted is read.