Introduction
Think of a digital certificate as a type of electronic ID card. A digital certificate ties a website's public encryption key to the website's identity so that a visitor can verify that the website is what it claims to be, which helps prevent the theft of important, personal or top-secret information.
A public key is used to encrypt information, for example the information a customer sends to an online store during a purchase. The online store uses its private key to decrypt the information. However, thieves can create fake websites and use keys registered in another name to steal information.
Digital certificates help solve this problem. A digital certificate carries a variety of information that is used to verify a website and its public key, including the owner's or organization's name, address, serial number, public key, expiration date and a digital signature from the certificate authority.
Certificate Authorities
A Certificate Authority (CA) is a trusted third-party organization that approves and issues digital certificates. The CA "signs" the certificate using its private key. This digital signature is used to verify the certificate when someone visits the website that uses it.
There are several CAs that provide digital certificates, but the most well-known include VeriSign, Thawte, Comodo, RSA and GeoTrust (see the Resources section for links to some of these CAs).
Getting a Certificate
Imagine that you are creating an online store. You want your customers to be able to purchase items safely and securely. You will need to get a digital certificate so you can conduct encrypted transactions. Most CAs make this process very easy. Contact any of the major CA providers to find out which solution is best for you. After an application and approval process, the CA issues you the digital certificate and, if necessary, will help you integrate it into your website.
Certificate Types
There are three basic types of digital certificates. Personal certificates identify individual users and are typically used to secure email. Server certificates identify servers and allow users to transmit their personal information securely. Software certificates verify code or software downloaded over the Internet.
Revoked Certificates
The serial numbers of certificates that have been revoked or are no longer valid are added to Certificate Revocation Lists (CRLs), which are published periodically. There are multiple CRLs; each CA maintains and publishes a list containing its own revoked certificates.
A digital certificate can be revoked if it was issued improperly, if it has been compromised, or if the private key was lost or stolen. A certificate can also be placed "on hold" if the private key was lost. If the key is recovered, the certificate's status can be reinstated.