If I am a catalog sales merchant and you obtain my public key from some
place on the Internet, it might have both a certificate from my company
and a certificate from my company's bank attached to it. This is a way
of saying, ``Look, it's not just Acme Sales Corp. that says this public
key is from our designated representative, but First National Bank says
so, too.'' Presumably, for First National Bank to issue such a
certificate, I (or someone from my company) had to prove myself to be a
representative of Acme to the appropriate person at First National.

As you can see, there is a notion of a ``hierarchy of trust''
associated with public keys and certificates. At the top of the
hierarchy is some organization that we trust implicitly. With checks
and credit cards, we have to trust the banks that issue them. With
currency we have to trust the government that issued it.

A trusted organization that issues certificates on behalf of others is
called a ``certifying authority'' (CA).
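
The Acme and First National Bank scenario above, as an added example that is not part of the original text: one public key carries two certificates, and a verifier that trusts only the bank counts only the bank's. The certificate format, the function names and the choice of Ed25519 are assumptions made for illustration; this is a toy structure, not X.509.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Certificate is a toy format (hypothetical, not X.509): Issuer's signature binding SubjectKey to Subject.
type Certificate struct {
	Issuer, Subject string
	SubjectKey      ed25519.PublicKey
	Signature       []byte
}

func statement(subject string, key ed25519.PublicKey) []byte {
	return append([]byte("toy-cert|"+subject+"|"), key...)
}

// Issue is what an issuer does after the requester has proven who they are out of band.
func Issue(issuer string, priv ed25519.PrivateKey, subject string, key ed25519.PublicKey) Certificate {
	return Certificate{issuer, subject, key, ed25519.Sign(priv, statement(subject, key))}
}

// Vouchers lists the trusted issuers whose certificate for (subject, key) verifies.
// Certificates from issuers outside the trusted set are ignored, valid or not.
func Vouchers(subject string, key ed25519.PublicKey, certs []Certificate, trusted map[string]ed25519.PublicKey) []string {
	names := []string{}
	for _, c := range certs {
		issuerKey, ok := trusted[c.Issuer]
		bound := c.Subject == subject && bytes.Equal(c.SubjectKey, key)
		if ok && bound && ed25519.Verify(issuerKey, statement(subject, key), c.Signature) {
			names = append(names, c.Issuer)
		}
	}
	return names
}

// Demo uses constructed keys. The verifier trusts only the bank. It returns the
// vouchers for the real key and the voucher count for a substituted key.
func Demo() ([]string, int) {
	_, acmePriv, _ := ed25519.GenerateKey(nil)
	bankPub, bankPriv, _ := ed25519.GenerateKey(nil)
	repPub, _, _ := ed25519.GenerateKey(nil)
	otherPub, _, _ := ed25519.GenerateKey(nil)
	const who = "Acme representative"
	certs := []Certificate{Issue("Acme Sales Corp.", acmePriv, who, repPub),
		Issue("First National Bank", bankPriv, who, repPub)}
	trusted := map[string]ed25519.PublicKey{"First National Bank": bankPub}
	return Vouchers(who, repPub, certs, trusted), len(Vouchers(who, otherPub, certs, trusted))
}

func main() { fmt.Println(Demo()) }
```

Acme's own certificate is validly signed but contributes nothing here, because the verifier has no prior reason to trust Acme's key; the same two certificates attached to a different key yield no vouchers at all.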