Definition: A certificate authority (or CA) is typically a third-party organization whose main function is directly related to "information security" and helps make possible the use of what is known as the public key infrastructure or PKI. A private company or government agency may generate and issue their own certificates as well. Digital signatures are issued by a a third party that serve to authenticate the identity of the party that is sending a message or is participating in an electronic transaction. Upon receiving an electronic document that certifies identity the receiver can authenticate his/her identity of the sending party through the CA.
Its Relevance: Electronic commerce would grind to a halt without a means of verifying the identity of parties in an electronic transaction. The method and means of how the public key infrastructure is to be used should be covered in an organization’s information security policies. The use of certificates is vital for ecommerce.