Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

6
  • I don't care about AATL at all. I have a certificate that I have already generated, and I would like to purchase a signature for it from a CA, but I cannot find one. Do you know a CA that will sign a certificate without requiring it to exist on secure hardware. Commented Apr 9, 2019 at 12:07
  • 1
    My personal CA I created just moments ago will happily sign it! Or are there maybe any other requirements you have but didn't tell us? Commented Apr 9, 2019 at 12:12
  • What exactly makes a CA a CA, rather than just some entity that is agreeing to sign a public key? If a company wanted to sign their own keys, what would make them a CA signing their own keys, vs just a self-signed certificate? Or is there no difference? Commented Apr 9, 2019 at 12:24
  • 2
    @Seb this could be another question. Basically a CA confirms to rules (e.g. AATL) and is audited by another company to check that they actually follow this rules. Based on that, the creator of the rules (e.g. Adobe) trusts the certificates signed by the CA. If you don't want Adobe to trust your certificate, why do you need a CA? Or in other words: A CA is just some entity that is agreeing to sign a public key! Just one entity that a lot of other people choose to trust. Commented Apr 9, 2019 at 12:26
  • 1
    A certificate authority depends on context. I'm my own CA when it comes to signing kernel modules for my laptop. Commented Apr 9, 2019 at 13:38