Definition:
- Server that issues digital certificates for entities and maintains the associated private/public key pair.
- Sign digital certificates so that clients can validate the authenticity of certificates owned by entities.
- may be third-party or internal.