Few basic questions on CA

  1. Which problem does it solve – AuthN or AuthZ or something else?
  2. If a client is attempting to talk to a large pool of servers and I want to individually establish the identity of each server host, is CA scalable? If the pool size is 10,000 hosts will a single CA service scale?
  3. How is a server’s certificate deployed on that server host in the first place? Don’t we need a secure channel that establishes the identity of that host to even do that? Isn’t this a chicken-and-egg situation?
  4. Can I use the OpenSSL toolkit to generate certificates signed by a CA?