Definition of DIGITAL CERTIFICATE in Network Encyclopedia.
What is Digital Certificate?
A Digital Certificate is a technology for verifying the identity of the user or service you are communicating with. Digital certificates are issued by certificate authorities (CAs), which are public or private organizations that manage a public key infrastructure (PKI).
In other words, Digital Certificate is an electronic clearance that allows a person or organization to exchange data securely over the internet using the public key infrastructure (PKI).
The main function of a digital certificate is to associate a specific user with his or her public/private key pair.
Digital certificates are the networking equivalent of driver’s licenses, and they go hand in hand with encryption to ensure that communication is secure. Digital certificates verify the authenticity of the holder, and they can also indicate the holder’s privileges and roles within secure communication. They can be used like driver’s licenses for identification purposes or like bank cards (together with a password) to perform financial transactions in e-commerce and online banking. Digital certificates enable various rights, permissions, and limitations to be applied to their holders for various kinds of trusted communication purposes such as purchasing, government banking, benefits, and voting rights.
How does Digital Certificate work?
A digital certificate consists of data that definitively identifies an entity (an individual, a system, a company, or an organization). Digital certificates are issued by and digitally signed with the digital signature of the CA (once the CA has verified the identity of the applying entity). In addition to identification data, the digital certificate contains a serial number, a copy of the certificate holder’s public key, the identity and digital signature of the issuing CA, and an expiration date. The CA also maintains a copy of the user’s public key in its centralized certificate storage facility.
Digital certificates are formatted according to an International Organization for Standardization (ISO) standard called X.509 v3. The X.509 standard specifies that a digital certificate must contain the following information fields:
- Version number
- Certificate serial number
- Signature algorithm ID used
- Name of certificate issuer
- Validity period (for certificate expiration)
- Subject name (name of certificate owner)
- Public key information for subject
- Unique identifier of certificate issuer
- Unique identifier of subject
- Extensions
- Digital signature for all the above fields
Digital certificates and public key cryptography are used in the popular Secure Sockets Layer (SSL) protocol, which provides secure transactions over the Internet. Several types of digital certificates are involved in this process, including
- CA certificate, which identifies the certificate authority, such as those based on Microsoft Certificate Server, and is used by Web browsers and Web servers to validate client and server certificates
- Server certificate, which identifies a Web server such as Microsoft Internet Information Services (IIS)
- Client certificate, which identifies a Web browser such as Microsoft Internet Explorer
Why is security needed on the Internet?
The Internet is an open communications network that was not originally designed with security in mind. Criminals have found they can exploit its vulnerabilities for fraudulent gain. If the Internet is to succeed as a business and communications tool users must be able to communicate securely.
Difference between a digital certificate and a digital signature
A digital certificate is not the same as a digital signature. A digital certificate is a file that certifies the owner’s identity, contains the owner’s public key, and can be used to support encrypted communication. The purpose of a digital certificate is to certify that the user has the right to use the public/private key pair that has been issued by the CA. A digital signature, on the other hand, contains identity information along with the message or document itself (which has been hashed using the private key of the sender), and it confirms the identity of the sender and ensures that the content of the message has not been modified in transit.
In other words, to send an encrypted transmission, a user signs the message with a digital signature. But in order to be able to do this at all, the user must first be issued a key pair and its associated digital certificate.
