Digital certificates


Digital certificates are similar to 'online passports' issued by 'certification authorities' (CAs). They play the role of identity verification certificates and are used as a security measure that guarantees the recipient's identity to the sender or vice versa. Digital certificates cannot be forged or tampered with. They can be used for authentication and for protecting online data from theft and tampering.

There are two types of digital certificates, namely, server certificates and personal certificates. Server certificates are used to authenticate the identity of web sites, to make sure that there is no impersonation. They facilitate the exchange of personal information like credit card numbers among web site visitors. Server certificates are a necessity for e-commerce sites that facilitate the exchange of confidential information among customers, vendors and clients. Personal certificates are used to authenticate visitors' identity and restrict their access to specific content. These certificates are suitable for business-to-business (B2B) transactions like inventory management, updating product availability, shipping dates and so on.

Digital certificates are based on private/public key technology. Each of these keys is a unique encryption device. Since no two keys are alike, the keys can be used to establish the identity of the user. The keys always work in pairs. The private key is kept secret, while the public key is distributed among the different users who want to communicate. Whatever data is encrypted by the public key can only be decrypted by the private key.

The process of distributing the public key and securely exchanging information is done automatically by the digital certificate. The private key is saved on the server, website or computer where the certificate is installed. The public key is freely available on the website. The public key in the digital certificate is used for communication between the sender and recipient systems. Other systems use the public key to validate the identity of the certificate holder and to encrypt the data they want to share. Since the data can be decrypted only by the private key, it is protected from tampering while in transit.

In addition to a public key, a certificate always includes the name of the entity it identifies, an expiration date, the name of the CA that issued the certificate, a serial number, and other relevant information. The CA distributes public keys for people and organizations and verifies the authenticity of the people associated with public keys. A digital certificate, along with the public key, contains information about the customer such as e-mail ID, full name and so on. It is a digitally signed message that is typically used to attest to the validity of an entity's public key.

Digital certificates are issued by trusted third parties, widely known as Certification Authorities (CAs). CAs are entities that validate identities and issue certificates. They can be either independent third parties or organizations running their own certificate-issuing server software (such as Netscape Certificate Server). The methods used to validate an identity vary depending on the policies of a given CA, just as the methods to validate other forms of identification vary depending on who is issuing the ID and the purpose for which it will be used. In general, before issuing a certificate, the CA must use its published verification procedures for that type of certificate to ensure that an entity requesting a certificate is in fact who it claims to be.

Apart from providing secure data transmission by encrypting the data, CAs also provide website authentication. For instance, Netscape SSL authenticates the identity of the website, though not the contents of the site. Most web browsers now come with built-in trust of CAs. This means that users can trust the websites that are endorsed by the CAs in the browser. For a website to get the endorsement of a CA, it first has to be registered with that CA. The identity of the website is established through the registration process. After establishing the identity, the CA signs the server certificate using a private key. This private key should be kept secret or else certification can be replicated.

The public keys used to check CA signatures are stored in the web browser software. When a user clicks on a web site that has an SSL session, the site's registration certificate is downloaded to his or her browser. The certificate is signed with the private key of the CA, and that signature is checked against the public key of the CA held in the same browser. If the two match, the site is authenticated. A question arises here as to how the user will know whether the site has been authenticated or not. If the site has been authenticated, this is indicated by a closed lock icon in the browser. An open lock indicates that the site has not been authenticated. The lock is in the lower left corner of the browser in the case of Netscape Navigator and in the lower right corner in the case of Internet Explorer.





Copyright (C) 2007. Web Domain design hosting. All rights reserved.