A digital certificate is a small computer file. It is used to establish a relation between both the user and his or her public key. A digital certificate contains two things i.e. the name of the user and the his or her public key. So that we can identify that the particular key belongs to the particular user.
The information a digital certificate contains is as follows:
-
Subject name
-
Public key
-
Serial number
-
Other data like email, phone, etc
-
Valid from
-
Valid to
-
Issuer name
Here subject name stands for the name of the user. The public key stands for the photograph and signature. The serial number stands for the number of a digital certificate. Other data contain users some personal information. Validity is used to show the validity of a particular digital certificate. Issuer’s name is the name of the person who issues a digital certificate for a user.
What is Certificate Authority?
A trusted agency that issues digital certificates is known for certificate authority. A certificate authority (CA) should be the trusted ones, hence in many countries, the government decides that who should and should not be a CA. Verisign and Entrust are one of the famous certificate authorities in the world.
How Does The Creation of A Digital certificate Happen?
Below are the different steps to create a digital certificate:
Step 1-Key Generation
In this step, a key is generated. A key can be generated using one of the two approaches
Approach 1 : The user creates a private and public key pair using the software. Users must keep their private key secret. A user sends the public key with additional information to the Registration Authority (RA). RA is an intermediate between the CA and the user.
Approach 2 : RA generates a key pair for a user. The possibility of this approach is needed when the user is unaware of the technical and software knowledge. The disadvantage of this approach is RA can find out the private key of the user.
Step 2 – Registration
This step is required only if the user generates the pair of the key. If RA generates the pair of a key for the user, then key registration is done in the 1st step only. A user sends his/her public key and some other information to the RA. For this software provides wizard where users enter details and submit. Then the data travel through the network and reach the RA. After that user request for the certificate will be registered and the format for the certificate request has been standardized. This process is called as a CSR (Certificate Signing request)
Step 3- Verification
After the registration process complete, RA identifies the user credentials.
Step 4 – Certificate Creation
After all the above-mentioned processes completed, RA passed all the details to the CA. CA cross verifies all the details and generates a digital certificate for the user. CA send the certificate to the user and keeps one copy of that to itself to keep the records. The Copy of the certificate is stored in the certificate directory.
Types of Digital Certificate
1. Email certificate: It contains the email id of the user. This is used to identify the signer of the email message has an email id that is the same as mentioned in the user’s certificate.
2. Server-side SSL certificate: These types of certificate are useful for the merchants because merchants want their users to trust on their side and buy good services from their site.
3. Client-side SSL certificate: this type of certificate is used by a merchant to identify their clients.
4. Code Signing certificates: This type of digital Certificate allows the Software developer to encrypt the code of their software or application. After encrypting the code attacker cannot change or modify that code. Code Signing Certificates ensures the highest levels of security and verification. CA of the Code Signing Certificate verifies the integrity of software and the identity of the publisher using public key infrastructure (PKI) and digital signature technology and confirms that your code has not been tampered with or corrupted.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
30,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM