What is the primary role of a certificate authority in PKI?

• A. Verify identities through challenges and issue digital certificates
• B. Issue private keys to users
• C. Issue and revoke digital certificates that bind identities to public keys
• D. Maintain DNS records for certificate names

Answer: (C)

Digital certificates in PKI establish trust by binding an identity to a public key, and a certificate authority is the trusted issuer that manages those certificates. The CA verifies who the subject is, creates a certificate that includes the subject’s identity and public key, and signs that certificate with the CA’s private key. This signature lets anyone who trusts the CA validate that the binding between the identity and the public key is legitimate, using the CA’s public key. The CA also handles certificate status, revoking certificates when they should no longer be trusted and publishing that revocation information. It does not issue private keys to users or manage DNS records for certificate names. Thus, the primary role is to issue and revoke digital certificates that bind identities to public keys.