The Information Technology Act 2000 (IT Act) provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.
The Controller of Certifying Authorities (CCA) is appointed by the Indian Central Government under section 17 of the Act for purposes of the IT Act. The Office of the CCA came into existence on November 1, 2000. It aims at promoting the growth of E-commerce and E-governance through the wide use of digital signatures.
The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority of India (RCAI) under section 18(b) of the IT Act to digitally sign the public keys of Certifying Authorities (CA) in the country. The RCAI is operated as per the standards laid down under the IT Act.
The CCA certifies the public keys of CAs using its own private key, which enables users in cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it operates the RCAI. The CCA also maintains the Repository of Digital Certificates, which contains all the certificates issued to the CAs in the country.