A third-party instance that issues public-key certificates. The role of the CA is to guarantee the identity of the certificate owner.