Certificate authorities (CA) issue digtal certificates.

CA holds public key and identy of the user. The User keeps the corresponding private key.

Four purposes - Encryption, Signature, Signature and Encryption, Signature and smarcard logon