Enter digital certificates — an authentication method that has an increasingly widespread role in today’s online world. Found in e-mails, mobile devices, machines, websites, advanced travel documents and more, digital certificates are the behind-the-scenes tool that helps keep identities and information safe.
What are digital certificates?
Developed during the eCommerce boom of the 1990s, digital certificates are electronic files that are used to identify people, devices and resources over networks such as the Internet.
Digital certificates also enable secure, confidential communication between two parties using encryption. When you travel to another country, your passport provides a way to establish your identity and grant you entry. Digital certificates provide similar identification in the electronic world.
Certificates are issued by a certification authority (CA). Much like the role of the passport office, the responsibility of the CA is to validate the certificate holder’s identity and to “sign” the certificate so that it is trusted by relying parties and cannot be tampered with or altered.
Once a CA has signed a certificate, the holders can present their certificate to people, websites and network resources to prove their identity and establish encrypted, confidential communication. A standard certificate typically includes a variety of information pertaining to its owner and to the CA that issued it, such as:
- The name of the holder and other identification information required to identify the holder, such as the URL of the Web server using the certificate, or an individual’s e-mail address
- The holder’s public key, which can be used to encrypt sensitive information for the certificate holder or to verify his or hers digital signature
- The name of the certification authority that issued the certificate
- A serial number
- The validity period (or lifetime) of the certificate (i.e., start and end date)
- The length and algorithm of any keys included.
Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys.
In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.
The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (e.g., encryption) executed with the public key can only be undone or decrypted with the corresponding private key, and vice versa. A digital certificate can securely bind your identity, as verified by a trusted third party, with your public key.
Core to a digital world
At one point, the use of digital certificates was limited to secure sockets layer (SSL) implementations and public key infrastructure (PKI) environments. And while those remain two cornerstones for the technology, their value has been realized and expanded to help secure people, machines, devices and environments alike.