Which electronic certification authority to choose?
A certification authority is an entity that issues electronic certificates to guarantee a high level of security in organizations' electronic exchanges.
In a context of digital transition for businesses, accompanied by transformations in processes and practices, such as the dematerialization of documents, data management and processing issues are becoming increasingly common.
Guaranteeing data security and the legal value of online exchanges is becoming a priority. How can we be sure that a website is reliable? How can you be sure that an electronic signature procedure is legally valid, or that an online payment is secure?
Find out more about the role and characteristics of a certification authority!
What is a certification authority?
A certification authority (CA) is a trusted entity that issues digital certificates. It is a service provider, such as a private company or an administrative authority, which creates, supplies and manages electronic certificates on behalf of users.
A certification authority aims to guarantee:
- the reliability of a website,
- the identity of certificate holders,
- the absence of risk in document and data exchanges, such as online payment processes or electronic signatures.
Its role: to issue electronic certificates
A CA issues electronic certificates, also known as public key certificates, to guarantee the security of browsing and computer data exchanges.
What is a certificate in computing? A certificate issued by a certification authority:
- ensures the reliability of content originating from web servers (SSL certificates);
- protects data confidentiality during transactions and electronic document transfers;
- authenticates any person or entity wishing to connect to an online space;
- attests the digital identity of people signing dematerialized documents by means of an electronic signature, and thus guarantees their legal value.
💡 Finally, the certificate issued acts as the identity card for an electronic document or website: if it is supplied by a trusted third party, its legal value is indisputable.
List of certification authorities
The role of certification authority can be assumed by:
- governments,
- banking institutions,
- regulated professions such as notaries and lawyers,
- federations of companies in the same business sector,
- private companies, etc.
Certification authorities define the conditions of use and attribution of the electronic identities they issue.
Which certification authority to choose?
Criteria for choosing a certification authority
- hardware and software,
- reputation,
- trustworthiness,
- price.
Certification authorities and electronic signatures
How do I obtain an electronic signature certificate?
A certification authority will enable you to obtain an electronic signature certificate, used to guarantee the validity, reliability and level of an electronic signature.
The security level can be chosen by the user, and corresponds to different levels of reliability and guarantee, as defined by the eIDAS regulation. These certification processes also confer legal value on the electronic signature.
Finally, CAs in France assign a certification quality level to each electronic signature, based on the General Security Reference System (RGS):
- elementary (RGS*),
- standard (RGS**),
- reinforced (RGS***).
Selection of trusted third parties
To obtain an electronic certificate, you can turn to a PSCe (Prestataire de Services de Confiance électronique), such as:
- CertEurope, which offers electronic signature certificates compliant with the eIDAS regulation and the RGS reference framework, and an electronic signature platform;
- Certigna by Tessi, which offers a comprehensive e-signature service (eIDAS, RGS) for official documents, including identity verification, timestamping and qualified stamping, as well as an electronic signature system with evidential value;
- ChamberSign, which issues electronic certificates in accordance with very strict standards, for a level of security endorsed by ANSSI;
- Universign, which offers electronic signature, electronic seal and time-stamping services, as a Trusted Service Provider qualified under the European eIDAS regulation.
How does a certification authority work?
Issuance of an electronic certificate by the certification authority
A certification authority is responsible for establishing a secure link between the user and the certificate it issues. To do this:
- the certification authority implements mechanisms to verify the identity of the certificate applicant. These are required according to different levels of security, from verification of identity documents to physical encounters (detailed below);
- the certification authority signs with its own private key to guarantee the integrity of the certificate and the reliability of the information it contains;
- the private key is associated with a root certificate, which benefits from the highest level of security;
- the CA relies on the root certificate to create intermediate certificates, which benefit from its level of trust and are used to sign digital certificates issued by the CA.
ℹ️ Trusted basis for all certificates issued by the CA, the root certificate is usually stored in a protected off-line location.
Registration authority and production unit
The operation of a certification authority relies on:
- a registration authority responsible for organizational functions:
  - processing certificate applications,
  - checking applicant information,
  - accepting or rejecting applications,
  - revoking certificates;
- a production unit managing the technical aspects of producing certification services:
  - creating electronic identities,
  - handling cryptographic systems,
  - ensuring the security of the environment and the entire process;
- a repository authority, which aims to:
  - centralize,
  - store,
  - archive valid, expired or revoked certificates.
Becoming a certification authority
While it is technically possible to create your own certification authority and generate a private key, it is essential that users place their trust in this service.
However, the number of authorized certification authorities is limited. To join an authorized certification authority recognition program, a number of criteria must be met, defined by web browsers, operating systems and devices. Once CAs have met these criteria, they can issue SSL certificates, which are then automatically recognized.
CAs are also regularly subject to strict operational audits, which are difficult to comply with. They guarantee the level of confidence that can be placed in their activities.
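The chain of trust described above (a root certificate signs an intermediate certificate, which signs the certificate that is issued) and the point that a self-made CA is only useful if verifiers trust its root, as an added Go example that is not part of the original article. All certificate names are constructed, and the ECDSA P-256 keys and one-day validity are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const caUse, leafUse = x509.KeyUsageCertSign, x509.KeyUsageDigitalSignature

// issue creates a certificate signed with the parent's private key; a nil parent yields a self-signed root.
func issue(serial int64, cn string, usage x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: usage == caUse, KeyUsage: usage,
	}
	if parent == nil { // root certificate: signed with its own key
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// trusted reports whether leaf chains through inter to anchor, the only root in the verifier's trust store.
func trusted(leaf, inter, anchor *x509.Certificate) bool {
	roots, pool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(anchor)
	pool.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool})
	return err == nil
}

func main() {
	root, rootKey := issue(1, "Constructed Root CA", caUse, nil, nil)
	inter, interKey := issue(2, "Constructed Issuing CA", caUse, root, rootKey)
	leaf, _ := issue(3, "www.example.test", leafUse, inter, interKey)
	other, _ := issue(4, "Unrelated Root CA", caUse, nil, nil)
	fmt.Println(trusted(leaf, inter, root), trusted(leaf, inter, other)) // prints: true false
}
```

The root key is used only once, to sign the intermediate, which is why it can stay off-line while the intermediate handles day-to-day issuance.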
The different types of electronic certificate
For entities creating and distributing content on the Internet, the most widespread type of certificate is the SSL (Secure Sockets Layer) certificate. SSL certificates are linked to domain names and are used to authenticate and encrypt data exchanges with websites.
To issue a digital certificate, the trust authority checks the identity of the applicant, based on certain verifications that depend on the class and type of certificate required.
There are three levels of trust:
- the extended validation (EV) certificate: the highest level of assurance of the certificate applicant's identity, based on a large number of verified details, including several pieces of identification;
- the organization validated (OV) certificate: a level of trust still guaranteed, but with less stringent control elements;
- the domain validated (DV) certificate: the only condition for receiving this certificate is that the person or organization requesting it must prove that it is the owner of the domain for which it is being requested.
Certification authorities have expanded their range of services, and now issue digital certificates other than for web domains, such as:
- code-signing certificates,
- e-mail certificates,
- device certificates,
- client or user certificates (signature verification),
for various signature, encryption and authentication purposes.
For secure electronic exchanges
A digital certificate issued by a certification authority is a real guarantee of security for your electronic exchanges - an essential requirement in today's increasingly numerous data exchanges over the Internet.
It is becoming crucial to authenticate oneself on secure sites, to guarantee the legal value of dematerialized documents and to authenticate persons or entities, thanks to the granting of digital certificates.
Once you've chosen your service provider, you should be aware that it can take several weeks to apply for a certificate: plan ahead!
Which certification authority will you entrust your digital certificate requests to?