What is a Digital Certificate, and why do you need one?

A Digital Certificate is a digital file used to cryptographically bind an entity's Public Key to specific attributes relating to its identity. The entity may be a person, organisation, web entity or software application. Like a driving license or passport binds a photograph to personal information about its holder, a Digital Certificate binds a Public Key to information about its owner.

In other words, Alice's Digital Certificate attests to the fact that her Public Key belongs to her, and only her. As well as the Public Key, a Digital Certificate also contains personal or corporate information used to identify the Certificate holder, and as Certificates are finite, a Certificate expiry date.

Comodo - SSL Certificate Authority

Digital Certificates and Certification Authorities

Digital Certificates are issued by Certification Authorities (CA). Like a central trusted body is used to issue driving licenses or passports, a CA fulfil the role of the Trusted Third Party by accepting Certificate applications from entities, authenticating applications, issuing Certificates and maintaining status information about the Certificates issued.

The incorporation of a CA into PKI ensures that people cannot masquerade on the Internet as people they are not by issuing their own fake Digital Certificates for illegitimate use.

The Trusted Third Party CAs will verify the identity of the Certificate applicant before attesting to their identity by Digitally Signing the applicant's Certificate. Because the Digital Certificate itself is now a signed data file, its authenticity can be ascertained by verifying its Digital Signature. Therefore, in the same way we verify the Digital Signature of a signed message, we can verify the authenticity of a Digital Certificate by verifying its signature.

Because CAs are trusted, their own Public Keys used to verify the signatures of issued Digital Certificates are publicised through many mediums widely.

The CA provides a Certification Practice Statement (CPS) that clearly states its policies and practices regarding the issuance and maintenance of Certificates within the PKI. The CPS contains operational information and legal information on the roles and responsibilities of all entities involved in the Certificate lifecycle (from the day it is issued to the day it expires).

Digital Certificates are issued under the technical recommendations of the x.509 Digital Certificate format as published by the International Telecommunication Union-Telecommunications Standardization Sector (ITU-T).

< Previous   |   Next >

Contact us for consultation on your security needs.

Contact an expert