A DN host is simply any single node in the network, e.g. a server, laptop, etc. The certificate authority is used to sign keys for each host added to a network. A host certificate contains the name, IP address, group membership, and a number of other details about a host. Individual hosts cannot modify their own certificate, because doing so will invalidate it. This allows us to trust that a host cannot impersonate another host within a DN network. Each host will have its own private key, which is used to validate the identity of that host when tunnels are created.