entity that can issue Certificates, also known as a CA

Note 1 to entry: The Certificate certifies the ownership of a Public Key by the named subject of the Certificate. This allows others (relying parties) to rely upon signatures or assertions made by the Private Key that corresponds to the Public Key that is certified. In this model of trust relationships, a CA is trusted by both the subject (owner) of the Certificate and the party relying upon the Certificate. CAs are characteristic of many Public Key infrastructure (PKI) schemes

Note 2 to entry: A private CA system (or a private sub-CA) could be used as long as all parties trust it.