What are SSL Certificates?

Digital certificates are electronic files that are used to uniquely identify people and resources over networks such as the Internet. Digital certificates also enable secure, confidential communication between two parties. When you travel to another country, your passport provides a universal way to establish your identity and gain entry. Digital certificates provide similar identification. Certificates are issued by a trusted third party called a Certification Authority (CA). Much like the role of the passport office, the role of the CA is to validate the certificate holder's identity and to "sign" the certificate so that it cannot be forged or tampered with. Once a CA has signed a certificate, the holder can present their certificate to people, Web sites, and network resources to prove their identity and establish encrypted, confidential communications.

A certificate typically includes a variety of information pertaining to its owner and to the CA that issued it, such as:

The name of the holder and other identification information required to uniquely identify the holder, such as the URL of the Web server using the certificate, or an individual's email address;

The holder's public key (more on this below). The public key can be used to encrypt sensitive information for the certificate holder;

The name of the Certification Authority that issued the certificate;

A serial number;

The validity period (or lifetime) of the certificate (a start and an end date).

In creating the certificate, this information is digitally signed by the issuing CA. The CA's signature on the certificate is like a tamper-detection seal on a bottle of pills - any tampering with the contents is easily detected.

Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched "public" and "private" keys. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.

The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (for example encryption) done with the public key can only be undone (decrypted) with the corresponding private key, and vice versa.

A digital certificate securely binds your identity, as verified by a trusted third party (a CA), with your public key.
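The following added example (not part of the original page) shows the tamper-detection seal in action: a CA signs the certificate fields with its private key, and anyone holding the CA's public key can detect a changed field or an expired validity period. The key pair is textbook RSA over two small primes and the field names and sample values are constructed for illustration; real certificates use X.509 encoding, padded signatures and much larger keys.

```python
import hashlib
from datetime import date

# Toy CA key pair: textbook RSA over two small Mersenne primes.
# Constructed for illustration only; real CA keys are far larger and use padding.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
CA_N = P * Q                               # public modulus (with E: the CA public key)
CA_D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, kept secret by the CA

def digest(fields):
    """Hash the certificate fields in a fixed order, reduced to fit the toy modulus."""
    canonical = "\n".join(f"{k}={fields[k]}" for k in sorted(fields))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big") % CA_N

def ca_sign(fields):
    """CA side: sign the digest of the fields with the CA private key."""
    return pow(digest(fields), CA_D, CA_N)

def verify(fields, signature, today):
    """Relying-party side: needs only the CA public key (CA_N, E)."""
    if pow(signature, E, CA_N) != digest(fields):
        return "bad signature"
    if not (fields["not_before"] <= today.isoformat() <= fields["not_after"]):
        return "outside validity period"
    return "ok"

# Constructed sample certificate carrying the fields listed above.
CERT = {
    "holder": "www.example.com",
    "holder_public_key": "placeholder-public-key",
    "issuer": "Example Toy CA",
    "serial": "1001",
    "not_before": "2024-01-01",
    "not_after": "2025-01-01",
}
SIG = ca_sign(CERT)

if __name__ == "__main__":
    print(verify(CERT, SIG, date(2024, 6, 1)))                  # untouched certificate
    forged = dict(CERT, holder="www.other.example")             # holder name altered
    print(verify(forged, SIG, date(2024, 6, 1)))
    print(verify(CERT, SIG, date(2026, 1, 1)))                  # past the end date
```

Extending the end date on an expired certificate also fails the signature check, because the validity period is among the signed fields.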

