Certification Authority
The Certification Authority (CA) that issues certificates to support PIV Card authentication shall participate in the hierarchical PKI for the Common Policy managed by the Federal PKI.
The CA includes a FIPS 140-2 Level 3 (or 4) hardware cryptographic module. Certificate requests arrive securely from one or more Registration Authorities (RAs). Once the CA has validated the transaction, it digitally signs the certificate request, producing a legitimate certificate. Certificates are returned to the RA and alternatively published to a directory. The CA also generates certificate revocation lists (CRLs), which are sent to the CRL Distribution Point (CDP) listed within the certificates it issues.
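
The issuance and CRL steps described above, as an added Go example that is not part of the original text or of any Federal PKI software: the CA signs a certificate that names its CDP, revokes it in a signed CRL, and a relying party checks that CRL before trusting the certificate. It narrows the flow to signing and revocation, so the RA request step is omitted and a software key stands in for the hardware module. The helper names (caFlow, rejected, must), the subject names and the CDP URL are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"slices"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// caFlow issues one certificate that names the CDP, then revokes it in a signed CRL.
func caFlow() (ca, cert *x509.Certificate, crl *x509.RevocationList) {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // software key stands in for the hardware module
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, NotBefore: now,
		NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	subKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // subscriber key; the RA request step is omitted
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Example Cardholder"}, NotBefore: now,
		NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		CRLDistributionPoints: []string{"http://crl.example.test/ca.crl"}} // constructed CDP URL
	cert = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, ca, &subKey.PublicKey, caKey))))
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: cert.SerialNumber, RevocationTime: now}}}
	crl = must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))))
	return ca, cert, crl
}

// rejected fails closed: a CRL the CA did not sign counts the same as a revocation entry.
func rejected(cert, ca *x509.Certificate, crl *x509.RevocationList) bool {
	return crl.CheckSignatureFrom(ca) != nil || slices.ContainsFunc(crl.RevokedCertificateEntries,
		func(e x509.RevocationListEntry) bool { return e.SerialNumber.Cmp(cert.SerialNumber) == 0 })
}

func main() {
	ca, cert, crl := caFlow()
	fmt.Println(cert.CRLDistributionPoints, rejected(cert, ca, crl))
}
```

A relying party would fetch the CRL from the URL in the certificate's CDP extension instead of receiving it in memory as here, and would also check the CRL's NextUpdate time.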