Users may enroll for a Digital Certificate via the Web. Upon completion of the necessary forms, the user's Internet Browser creates a Public Key Pair. The Public half of the key pair is then sent to the CA, normally inside a certificate request that the browser signs with the new Private Key, along with all other data that is to appear in the Digital Certificate. The Private Key itself never leaves the user's machine; it is secured on the user's chosen storage medium (hard disk, floppy, hardware token, etc.).
The CA must verify the submitted data before binding the identification data to the submitted Public Key. It should also check that the request really was signed by the matching Private Key, so that the applicant is known to hold it. This prevents an impostor from obtaining a Certificate that binds his Public Key to someone else's identity and then conducting fraudulent transactions under that identity.
If the submitted data is in good order, the CA issues a Digital Certificate to the applicant named in it. Upon issuance, the CA enters the Digital Certificate into a public repository from which relying parties can retrieve it.
As well as being available in public repositories, Digital Certificates may also be distributed along with Digital Signatures. For example, when Alice digitally signs a message for Bob she attaches her Certificate to the outgoing message. Upon receiving the signed message, Bob first verifies the validity of Alice's Certificate: that it was issued by a CA he trusts, that it is within its validity period and has not been revoked, and that it actually names Alice. Only if it is successfully verified does Bob take Alice's Public Key from it and use that key to verify the signature on the original message.
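The enrollment steps above (the applicant generates the key pair locally, sends only the public key and identity data, the CA verifies and issues) and the signed-message distribution described in this paragraph, worked through as one added example in Go using only the standard library. This is not code from the original page. The "Example CA", the addresses alice@example.com and mallory@example.com, and the `verified` parameter standing in for whatever out-of-band identity check the CA performs are all assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on local setup failures (key generation, self-signing); policy decisions return errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

type CA struct{ Key *ecdsa.PrivateKey; Cert *x509.Certificate } // hypothetical issuing authority

// NewCA creates the hypothetical "Example CA" with a self-signed root certificate.
func NewCA() *CA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return &CA{Key: key, Cert: must(x509.ParseCertificate(der))}
}

// Enroll is the applicant's (browser's) side: the key pair is generated locally and only
// the public half leaves the machine, inside a PKCS#10 request signed by the private key.
func Enroll(email string) (*ecdsa.PrivateKey, []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	csr := must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: email}, EmailAddresses: []string{email}}, key))
	return key, csr
}

// Issue is the CA's side. verified is the identity the CA has confirmed out of band
// (for example by a challenge mail); a request naming anyone else is refused.
func (ca *CA) Issue(csrDER []byte, verified string) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	// Proof of possession: the request must verify under the public key it carries.
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("request signature: %w", err)
	}
	if len(csr.EmailAddresses) != 1 || csr.EmailAddresses[0] != verified {
		return nil, fmt.Errorf("requested identity %v does not match verified identity %q", csr.EmailAddresses, verified)
	}
	serial := must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: csr.Subject, EmailAddresses: csr.EmailAddresses,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, csr.PublicKey, ca.Key)
}

// Sign is Alice's side: she sends body, this signature and her certificate together.
func Sign(key *ecdsa.PrivateKey, body []byte) []byte {
	h := sha256.Sum256(body)
	return must(ecdsa.SignASN1(rand.Reader, key, h[:]))
}

// Verify is Bob's side: the attached certificate must chain to a root Bob already trusts,
// be valid now, permit email use and name the claimed sender; only then is its key used.
func Verify(body, sig, certDER []byte, root *x509.Certificate, sender string) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate: %w", err)
	}
	if len(cert.EmailAddresses) != 1 || cert.EmailAddresses[0] != sender {
		return fmt.Errorf("certificate was not issued to %q", sender)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	h := sha256.Sum256(body)
	if !ok || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return fmt.Errorf("message signature does not verify")
	}
	return nil
}

func main() {
	ca := NewCA()
	key, csr := Enroll("alice@example.com")
	cert, err := ca.Issue(csr, "alice@example.com")
	body := []byte("Pay Bob 100 EUR")
	fmt.Println("issued:", err, "verified:", Verify(body, Sign(key, body), cert, ca.Cert, "alice@example.com"))
}
```

`Verify` refuses before it ever looks at the message signature if the attached certificate does not chain to Bob's trusted root, is outside its validity period, is not usable for email, or names someone other than the claimed sender. On the CA side, `Issue` refuses a request whose identity differs from the one it verified, which is exactly what stops an impostor who submits his own key under Alice's address. Revocation checking is omitted here and would sit alongside the chain check in `Verify`.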
Depending on their usage, Digital Certificates are available in a number of different types:
Digital Certificates are also available in different classes, depending on the level of verification the CA carries out into the legitimacy of the information submitted by the applicant. Generally speaking, the higher the class, the more thorough the verification. A higher level of verification in turn means that the Certificate may be relied upon for more critical functions, such as online banking or proving one's identity in e-commerce payment protocols.
Certificate class is closely tied to Certificate type. Low classes contain little or no personal information (for example, just an email address). Certificates of such classes may be used for secure email, but prove impractical for an organisation or web entity that needs the Certificate to establish trust in its identity. The tasks for which a Certificate is usable therefore depend heavily on its class, that is, on the level of verification carried out by the CA.