What Is Certificate Authority (CA)?

Why It Matters

Certificate authorities are the trust layer of HTTPS. When your browser connects to an HTTPS site, it checks: “Was this certificate issued by a CA I trust?” If yes, you see the lock icon. If no, you see a security warning.

For domain forwarding, the CA matters because the forwarding server needs a valid certificate for every source domain.

Major Certificate Authorities

CA	Type	Cost	Market Share
Let’s Encrypt	DV (automated)	Free	~50% of all certs
DigiCert	DV/OV/EV	$200-600/yr	Enterprise
Sectigo (Comodo)	DV/OV/EV	$50-500/yr	SMB/Enterprise
GoDaddy	DV/OV	$70-300/yr	Consumer
GlobalSign	DV/OV/EV	$250-600/yr	Enterprise

Certificate Validation Levels

Level	Verifies	Visual Indicator	Use Case
DV (Domain Validation)	Domain ownership	Lock icon	Forwarding, blogs, most sites
OV (Org Validation)	Domain + organization	Lock icon	Business sites
EV (Extended Validation)	Domain + org + legal	Lock icon + org name	Banks, finance

For domain forwarding, DV certificates are sufficient — they prove the forwarding server controls the domain, which is all that’s needed for a secure redirect. Using a self-signed certificate is never appropriate for forwarding because browsers will reject it.

How Domain Forward Handles This

Domain Forward uses Let’s Encrypt as its certificate authority. Certificates are automatically provisioned and renewed for every domain — no manual CA interaction required.