About SSL Certificates
In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.
There are many commercial CAs that charge for their services. Institutions and governments may have their own CAs, and there are also CAs which are free of charge.
Assuring that data correctly match an entity when the data are presented to the CA (perhaps over an electronic network), and when the credentials of the person/company/program asking for a certificate are likewise presented, is difficult. This is why commercial CAs often use a combination of authentication techniques including leveraging government bureaus, the payment infrastructure, third parties' databases and services, and custom heuristics. In some enterprise systems, local forms of authentication such as Kerberos can be used to obtain a certificate which can in turn be used by external relying parties. Notaries are required in some cases to personally know the party whose signature is being notarized; this is a higher standard than can be reached for many CAs.
According to the American Bar Association outline on Online Transaction Management, the primary points of federal and state statutes that have been enacted regarding digital signatures in the United States have been to "prevent conflicting and overly burdensome local regulation and to establish that electronic writings satisfy the traditional requirements associated with paper documents." Further, the E-Sign and UETA code help ensure that:
- a signature, contract or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and
- a contract relating to such transaction may not be denied legal effect, validity or enforceability solely because an electronic signature or electronic record was used in its formation.
In large-scale deployments, Alice may not be familiar with Bob's certificate authority (perhaps they each have a different CA), so Bob's certificate may also include his CA's public key signed by a different CA2, which is presumably recognizable by Alice. This process typically leads to a hierarchy or mesh of CAs and CA certificates.
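The chain between Alice, Bob, Bob's CA and CA2 described above can be walked as in the following added example, which is not part of the original page. The `Cert` record, the `validate` function and the textbook RSA signatures over fixed small primes are assumptions made for illustration; they stand in for X.509 certificates and real signature algorithms.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent used by every toy key below

def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pubkey: int     # the subject's RSA modulus
    signature: int  # issuer's signature over subject, issuer and pubkey

def digest(subject, issuer, pubkey, n):
    data = f"{subject}|{issuer}|{pubkey}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, pubkey, issuer, issuer_n, issuer_d):
    sig = pow(digest(subject, issuer, pubkey, issuer_n), issuer_d, issuer_n)
    return Cert(subject, issuer, pubkey, sig)

def signed_by(cert, issuer_n):
    expected = digest(cert.subject, cert.issuer, cert.pubkey, issuer_n)
    return pow(cert.signature, E, issuer_n) == expected

def validate(leaf, presented, trusted, max_depth=5):
    """Return the subject names from leaf to trust anchor, or None if no valid path."""
    by_subject = {c.subject: c for c in presented}
    path, cert = [leaf.subject], leaf
    for _ in range(max_depth):
        if cert.issuer in trusted:  # reached a CA the verifier already knows
            return path + [cert.issuer] if signed_by(cert, trusted[cert.issuer]) else None
        parent = by_subject.get(cert.issuer)
        if parent is None or not signed_by(cert, parent.pubkey):
            return None  # missing intermediate or bad signature
        path.append(parent.subject)
        cert = parent
    return None  # chain too long or circular

# Constructed sample data: small Mersenne primes, far too weak for real use.
CA_N, CA_D = make_key(2**89 - 1, 2**107 - 1)
CA2_N, CA2_D = make_key(2**61 - 1, 2**127 - 1)
BOB_N, _ = make_key(2**61 - 1, 2**89 - 1)
CA_CERT = issue("CA", CA_N, "CA2", CA2_N, CA2_D)  # Bob's CA, vouched for by CA2
BOB_CERT = issue("Bob", BOB_N, "CA", CA_N, CA_D)
ALICE_TRUST = {"CA2": CA2_N}                      # Alice only knows CA2
```

Calling `validate(BOB_CERT, [CA_CERT], ALICE_TRUST)` returns the path from Bob up to CA2; leaving out `CA_CERT` or altering any signed field makes it return `None`.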
Content provided by Wikipedia
SSL Certificate Providers
Worldwide, the certificate authority business is fragmented, with national or regional providers dominating their home market. This is because many uses of digital certificates, such as for legally binding digital signatures, are linked to local law, regulations, and accreditation schemes for certificate authorities.
However, the market for SSL certificates (used for website security) is largely held by a small number of multinational companies. This market has significant barriers to entry since new providers must undergo annual security audits (such as WebTrust for Certification Authorities) to be included in the list of web browser trusted authorities. More than 50 root certificates are already trusted in the most popular web browser versions. A 2007 market share report from Security Space as of September of that year determined that VeriSign and its acquisitions (which include Thawte and more recently GeoTrust) have a 57.6% share of the certificate authority market, followed by Comodo (8.3%), and GoDaddy (6.4%). According to Netcraft's July 2008 Secure Server Survey, additional top providers include Entrust. Netcraft's findings do not include non-public-facing certificates.
Content provided by Wikipedia
Top SSL Certificate Providers