The 3 pillars of public CA excellence: ethical, technical, and intellectual
Public Certificate Authorities (CAs) play a crucial role in maintaining internet trust, but not all CAs meet the highest standards. True CA leadership is built on three pillars: ethical excellence, which prioritizes public trust over corporate interests; technical excellence, which ensures security through automation and innovation; and intellectual excellence, which drives industry thought leadership. Sectigo exemplifies these principles, leading the way in responsible CA practices, transparency, and security advancements.
The foundation of trust on the internet is built on the invisible infrastructure of the web Public Key Infrastructure (PKI). Every secure website, trusted email, or authenticated document depends on the rigorous functionality of Certificate Authorities (CAs). Yet, not all CAs are equal. Far from it. Some embody the core principles of excellence, while others fall woefully short, jeopardizing the very trust they are tasked to uphold.
To be a true leader in the CA space requires mastering three critical pillars: ethical, technical, and intellectual. Each is indispensable, and only by excelling in all three can a CA secure its role as a reliable gatekeeper for the digital world.
Ethical excellence: putting the public good first
Ethical excellence is the backbone of a trustworthy CA. As stewards of internet security, public CAs must place the needs of the web PKI ecosystem above narrow corporate interests or short-term gains. This principle is non-negotiable and is enshrined in the very term “public CA.” The interests of the public must always supersede those of the CA's shareholders, corporate owners, governmental backers, or other external stakeholders.
Unfortunately, too many CAs fail this test. Practices like deliberate delayed revocation - where compromised certificates remain valid far longer than they should - undermine the integrity of the web. Recent incidents have shown how catastrophic these lapses can be, such as the mass revocation failures that damaged user trust and called into question the competence of major players in the industry.
True ethical leadership means owning mistakes, transparently addressing root causes, and committing to continuous improvement. At Sectigo, we embraced this philosophy years ago. In 2020 we led the industry in unilaterally banning deliberate delays in BR-mandated certificate revocations and implemented robust systems to ensure our actions uphold the integrity of the internet. Ethical leadership is not just about compliance - it’s about leading by example.
Technical excellence: automation and innovation
Technical excellence is the second pillar of CA leadership. To safeguard the internet’s trust ecosystem, CAs must prioritize accuracy, reliability, and consistency. These goals can only be achieved by reducing human error and relying on advanced, repeatable, programmatic systems.
At Sectigo, we’ve embraced this principle by investing heavily in automation. Over the past three years, we’ve delivered more technological innovation than in the previous decade. This commitment has translated into faster, more accurate certificate issuance and a marked reduction in human error.
But technical leadership is not only about operational efficiency. It’s about contributing to the broader industry. This includes building tools like pkimetal and crt.sh and offering them free of charge to enhance transparency and quality across the entire ecosystem. We operate our Sabre and Mammoth Certificate Transparency (CT) logs and have played a key role in developing solutions for MPIC support. By sharing innovations like these, we ensure that the WebPKI remains robust and secure for all participants.
Intellectual excellence: thought leadership and ecosystem engagement
Intellectual excellence means challenging the status quo, elevating industry standards, and inspiring best practices. At Sectigo, we take responsibility for educating the community, sharing insights through whitepapers, podcasts, and advocacy. Our Root Causes podcast, with over 450 episodes, delivers critical security insights.
Sectigo holds five chairs in the CA/Browser Forum (CABF) - more than any other CA in history - and a seat in ETSI, demonstrating commitment to industry standards, and has led enterprise education on post-quantum cryptography (PQC). Additionally, Sectigo was the first public CA to develop a CA-agnostic Certificate Lifecycle Management (CLM) platform.
Driving industry improvements, advocating for higher security standards, and playing key roles in initiatives like shortening certificate lifespans and revocation reform set an example and push boundaries. Sectigo aims to create a more secure, transparent, and future-ready cybersecurity landscape.
A call to action
The three pillars of CA excellence - ethical, technical, and intellectual leadership - are not just lofty ideals. They are necessities. The web PKI ecosystem relies on each CA to act responsibly, innovate boldly, and engage thoughtfully. Yet, too many CAs fail to live up to these expectations, leaving gaps in the fortress wall of internet security.
At Sectigo, we believe in walking the walk. We’ve built these pillars into everything we do and have sought to lead by example. But the responsibility for a secure web PKI does not rest on one organization alone. To every CA: we challenge you to do better, to rise to the occasion, and to commit to the principles of public trust.
The stakes couldn’t be higher. The time for leadership is now.