Certificate authentication plays a major role in securing online resources, and most organizations utilize certificates to secure communication between both hosted resources and those that are accessed. It is a more secure way of authenticating users compared to the legacy username and password mechanism. Certificate authentication uses asymmetric cryptography, meaning that it is able to separate out 1) those who can verify the link between the physical identity and the cryptographic public key and 2) Those who can authenticate the user. However, user certificates are only as good as the Certificate Authorities, or CAs, that identify them. Attackers have certainly targeted the CAs as a means to issue unauthorized certificates or impersonate certificates for authentication. Let’s take a look at compromised CA Certificate attacks and their impacts.