A certification authority (sometimes referred to as a certificate authority) is a trusted third party that issues certificates. On the Web, certification authorities are typically separate business entities whose public keys are provisioned to the browser by the browser supplier. The certification authority accepts requests for certificates from Web site operators who provide the identifying information that they wish to have included in the certificate. The certification authority verifies the accuracy and applicability of the identifying information before including it in the certificate and returning it to the Web site operator.
The Web site provisions the certificate to the browser within the SSL protocol.