CA role service holders responsible for issue, store, manage, and revoke certificates. The PKI setup can have multiple CAs. There are mainly two types of CA, which can be identified in PKI:

• The root CA: The root CA is the most trusted CA in the PKI environment. The compromise of the root CA will possibly compromise entire PKI. Therefore, the security of the root CA is critical, and most organization only bring those online when they need to issue or renew a certificate. This is also capable of issuing certificates to any object or services, but considering security and hierarchy of the PKI, it is used to issue certificates only to subordinate CAs.
• Subordinate CAs: In PKI, subordinate CAs are responsible for issuing, ...