IT Security

Digital Certificates

What is a Digital Certificate?

A digital certificate is an electronic credential that confirms the identity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI). Digital certificates are issues by a trust service provider (TSP) or a certification authority in order to help organizations to ensure that information being transmitted is authentic. The most common digital certificate today follows the X.509 standard. The contents of an X.509 certificate often include version number, serial number, signature algorithm ID, issuer name, validity period, subject name, subject public key information (public key algorithm and subject public key), issuer unique identifier, subject unique identifier, extensions, certificate signature algorithm, and certificate signature. There are three different types of public key certificates:

TLS/SSL Certificate. A Transport Layer Security/Secure Socket Sayer (TLS/SSL) certificate sits on a server, such as an application, mail, or web server, in order to ensure communication with its clients is encrypted and private. The certificate proves authentication for the server to send and receive encrypted messages to clients. When a client attempts to establish a TLS connection with a server, they refer to the SSL certificate to obtain the server’s public key and identity. The SSL certificate also verifies that a client is talking to the correct server that actually owns the domain, which prevents domain spoofing, man-in-the-middle attacks, and other malicious cyberattacks. This X.509 certificate secures websites using the Hypertext Transfer Protocol Secure (HTTPS) protocol. The three TSL/SSL certificate forms are:

  • Domain validated. A domain validated certificate is a quick method of validation that is acceptable for any website.
  • Organization validated. An organization validated certificate provides light authentication for business and is appropriate for organizations selling products online.
  • Extended validation. Extended validation offers the full business validation that is required by larger organizations dealing with sensitive information. It offers the highest level of authentication, security, and trust.

User/Client Certificate. A client certificate is a digital ID used to validate the identity of a person or device, ensuring that only authorized people are accessing services and/or data. Client certificates use PKI for authentication and are only used for identity validation; they are not used to encrypt the data that is being transmitted.

Code Signing Certificate. A code signing certificate is used to confirm the authenticity of software or files downloaded from the internet. Code signing identifies that the software or application is coming from a trusted source and has not been tampered with. When a piece of code is digitally signed, it is timestamped to ensure that the signed code remains valid even after the digital certificate has expired.