
Which electronic certification authority should I choose?

By Samantha Mur

Published: 29 October 2024

A certification authority is an entity that issues electronic certificates binding a public key to a verified identity, so that organisations can authenticate the other party in their electronic exchanges and rely on the signatures it produces.

As companies make the transition to digital technology and transform their processes and practices, such as the dematerialisation of documents, data management and processing issues are becoming increasingly common.

Guaranteeing data security and the legal value of online exchanges is becoming a priority. How do you check that a website is reliable? How can you be sure that an electronic signature procedure is legally admissible or that an online payment is secure?

Find out more about the role and characteristics of a certification authority!

What is a certification authority?

A certification authority (CA) is a trusted entity that issues digital certificates. It is a service provider, such as a private company or an administrative authority, which creates, supplies and manages electronic certificates on behalf of users.

A certification authority aims to guarantee:

  • that a website really belongs to the organisation named in its certificate
  • the identity of certificate holders
  • that exchanges such as online payments or electronic signatures can be authenticated and their integrity checked. A certificate does not remove every risk: it says who holds a key, not that the holder is honest or that their systems are secure.

Its role: to issue electronic certificates

A CA issues electronic certificates, also known as public key certificates, which tie a public key to an identity so that browsing and computer data exchanges can be authenticated and encrypted.

What is a certificate in computing? A certificate issued by a certification authority:

  • authenticates a web server to its visitors (TLS certificates, still widely called SSL certificates);
  • allows a session key to be negotiated with the authenticated party, which protects the confidentiality of data during transactions and transfers of electronic documents;
  • authenticates any person or entity wishing to connect to an online space;
  • attests to the digital identity of people signing dematerialised documents using an electronic signature, which is what gives the signature its legal value.

💡 In short, the certificate acts as the identity card of an electronic document or website. Its value rests entirely on the trust placed in the issuer: a certificate from a trusted third party carries legal and technical weight in proportion to the checks that third party performed, whereas a certificate from an unknown issuer proves nothing.

List of certification authorities

The role of certification authority can be assumed by :

  • governments
  • banking institutions
  • regulated professions such as notaries and lawyers,
  • federations of companies in the same business sector,
  • private companies, etc.

Certification authorities define the conditions of use and attribution of the electronic identities they issue.

Which certification authority should I choose?

Criteria for choosing a certification authority

  • equipment and software,
  • reputation
  • trustworthiness
  • price.

Certification authority and electronic signature

How do I obtain an electronic signature certificate?

A certification authority will enable you to obtain an electronic signature certificate, which is used to guarantee the validity, reliability and level of the electronic signature.

The eIDAS regulation defines three levels of electronic signature: simple, advanced and qualified. The applicant chooses the level according to the guarantees required; only a qualified electronic signature, which relies on a qualified certificate and a qualified signature creation device, is given the same legal effect as a handwritten signature throughout the EU. The level of the certificate, and the identity checks behind it, are what confer this legal value on the signature.

In France, CAs also assign each certificate a quality level defined by the General Security Reference System (RGS):

  • elementary (RGS*)
  • standard (RGS**)
  • enhanced (RGS***).

Selection of trusted third parties

To obtain an electronic certificate, you can turn to a TSP (Trusted Electronic Service Provider), such as :

  • CertEurope, which offers electronic signature certificates that comply with the eIDAS regulation and the RGS reference framework, and an electronic signature platform;
  • Certigna by Tessi, which offers an e-signature service at all levels and in compliance (eIDAS, RGS) for official documents, accompanied by identity verification, time stamping and qualified stamping, as well as an electronic signature system with evidential value;
  • ChamberSign, which issues electronic certificates in accordance with very strict standards, with a level of security endorsed by ANSSI;
  • Universign, which offers electronic signature, electronic seal and time-stamping services, as a Trusted Service Provider qualified under the European eIDAS regulation.

How does a certification authority work?

Issuance of an electronic certificate by the certification authority

A certification authority is responsible for establishing a secure link between the user and the certificate it issues. To do this:

  1. the certification authority verifies the identity of the certificate applicant. The checks required depend on the level of security sought, from verification of identity documents to a physical meeting (detailed below);
  2. the certification authority signs the certificate with its own private key, which guarantees the integrity of the certificate and lets anyone holding the CA's public key verify that the information it contains has not been altered;
  3. that private key corresponds to the public key published in the CA's root certificate. The root certificate is self-signed and is the trust anchor: it is what browsers and operating systems ship in their trust stores;
  4. the Certification Authority uses the root to sign one or more intermediate certificates, which inherit its trust and are the ones actually used to sign the digital certificates issued to applicants. Verifying a certificate therefore means walking the chain: leaf, signed by intermediate, signed by root, where the root must already be trusted.

ℹ️ Because it is the trusted basis for every certificate the CA issues, the root's private key is generally kept offline in a protected location (typically a hardware security module), and day-to-day issuance is done with the intermediate keys.

Registration authority and production unit

The operation of a certification authority is based on :

  • a registration authority responsible for organisational functions:
    • processing certificate applications
    • checking applicants' information
    • accepting or rejecting applications
    • revoking certificates;
  • a production unit managing the technical aspects of producing certification services:
    • creating electronic identities
    • handling cryptographic systems,
    • ensuring the security of the environment and the entire process;
  • a repository authority, which aims to :
    • centralise
    • store
    • archive valid, expired or revoked certificates.

Becoming a certification authority

While it is technically possible to create your own certification authority and generate a private key, the certificates it issues are only worth something to users who have chosen to trust its root. Anyone can sign a certificate; what is scarce is being trusted.

The number of publicly trusted certification authorities is therefore limited. To be admitted to the root programmes run by web browser and operating system vendors, a CA must meet a set of criteria defined by those programmes (notably the CA/Browser Forum Baseline Requirements). Once a CA's root is included in a trust store, the TLS certificates chaining up to it are accepted automatically by that software.

CAs are also regularly subject to strict operational audits, which are demanding to pass and which underpin the level of confidence that can be placed in their activities. A CA that fails them can have its root removed from the trust stores, which invalidates every certificate it issued.

The different types of electronic certificate

For entities creating and distributing content on the Internet, the most widespread type of certificate is the TLS certificate, still commonly called an SSL (Secure Socket Layer) certificate after the protocol TLS replaced. These certificates are bound to one or more domain names and are used to authenticate the website; the encryption of the exchange is then negotiated by the TLS protocol with the authenticated server.

To issue a digital certificate, the trusted authority checks the identity of the applicant on the basis of certain verifications, which depend on the class and type of certificate required.

There are three levels of validation:

  • Extended validation (EV) certificate: the highest level of assurance of the applicant's identity. The CA verifies the organisation's legal existence, registered name and physical address, and the authority of the person requesting the certificate, in addition to control of the domain. Note that current browsers no longer display EV certificates any differently from other certificates in the address bar;
  • the organisation validated (OV) certificate: the CA verifies both control of the domain and the existence of the organisation named in the certificate, but with lighter checks than for EV;
  • the domain validated (DV) certificate: the only condition is that the applicant proves control of the domain for which the request is made, typically by publishing a CA-specified DNS record or file on the web server. Nothing about the organisation behind the domain is verified.

Certification authorities have expanded their range of services and now issue digital certificates other than for web domains, such as :

  • code signing certificates
  • email certificates
  • device certificates
  • client or user certificates (authentication of the person or system presenting them),

for various signature, encryption and authentication purposes.

For secure electronic exchanges

A digital certificate issued by a certification authority is a real guarantee of security for your electronic exchanges, an essential requirement at a time when the number of data exchanges over the Internet is increasing all the time.

It is becoming crucial to authenticate yourself on secure sites, to guarantee the legal value of dematerialised documents and to authenticate people or entities, thanks to the granting of digital certificates.

Once you have chosen your service provider, be aware that lead times vary with the type of certificate: a DV certificate can be issued within minutes, whereas OV, EV and qualified signature certificates require identity checks that can take days to several weeks, so plan ahead!

Which certification authority will you entrust your electronic certificate requests to?

Article translated from French