Digital Certificates and Their Advantages
What is a Digital Certificate?
A digital certificate is an encrypted "electronic" password used by end users to communicate between a browser and a website. The communication is done securely over the internet using a cryptographically linked public key. This technique is known as Public Key Infrastructure (PKI).
What are the components of a digital certificate? How do we use them?
A digital certificate consists of the following information or metadata:
The public and private keys are used for communication and authentication between the end user and the website or organization. Digital certificates are based on the X.509 standard. Either the public or the private key can be used to encrypt a message, which is then decrypted with the other key. Without certificates, a user can send data encrypted with the private key, and the public key can be used to decrypt it. However, this method gives no assurance that the data originated from that specific user; the receiver learns only that a valid key pair was used. Hence we rely on a Certification Authority (CA), a trusted third party that verifies that a public key matches a given identity, e-mail name or other user information.
The CA places in the certificate the public keys, metadata about the encryption algorithms used, the owner (subject) data, the CA's own digital signature, applied after it has verified the subject data, and the period for which the certificate is considered valid.
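The binding described above, as an added example that is not part of the original article: a toy CA signs the subject name, public key, algorithm and validity period, and a verifier rejects an altered subject, an unknown issuer and an expired certificate. All names, keys and dates are constructed, and textbook RSA over JSON stands in for real X.509 encoding and signature schemes, so it is for illustration only.

```python
import hashlib
import json

# Assumption for illustration: textbook RSA (no padding) with small keys built
# from known Mersenne primes. This is NOT secure and is not X.509.
E = 65537

def make_key(p, q):
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

CA_KEY = make_key(2**127 - 1, 2**107 - 1)   # hypothetical CA key pair
SITE_KEY = make_key(2**89 - 1, 2**61 - 1)   # hypothetical website key pair

def _digest(fields, n):
    # Hash the certificate fields in a canonical order, reduced to fit the toy key.
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(ca_name, ca_key, subject, subject_pub, not_before, not_after):
    """The CA binds a subject to a public key by signing the certificate fields."""
    fields = {"subject": subject, "issuer": ca_name, "public_key": subject_pub,
              "sig_alg": "toy-rsa-sha256",
              "not_before": not_before, "not_after": not_after}
    sig = pow(_digest(fields, ca_key["n"]), ca_key["d"], ca_key["n"])
    return {"fields": fields, "signature": sig}

def verify(cert, trusted_cas, today):
    """Return 'ok' or the reason the certificate is rejected."""
    fields = cert["fields"]
    ca_pub = trusted_cas.get(fields["issuer"])
    if ca_pub is None:
        return "untrusted issuer"
    if pow(cert["signature"], ca_pub["e"], ca_pub["n"]) != _digest(fields, ca_pub["n"]):
        return "bad signature"
    if not (fields["not_before"] <= today <= fields["not_after"]):  # ISO dates sort as text
        return "outside validity period"
    return "ok"

TRUSTED = {"Example Root CA": {"n": CA_KEY["n"], "e": E}}   # verifier's trust store
SITE_PUB = {"n": SITE_KEY["n"], "e": E}
CERT = issue("Example Root CA", CA_KEY, "www.example.test", SITE_PUB,
             "2024-01-01", "2025-01-01")

def demo():
    altered = {"fields": dict(CERT["fields"], subject="bank.example.test"),
               "signature": CERT["signature"]}              # subject changed after signing
    self_made = issue("Unknown CA", SITE_KEY, "www.example.test", SITE_PUB,
                      "2024-01-01", "2025-01-01")           # valid key pair, no trusted CA
    return [verify(CERT, TRUSTED, "2024-06-01"), verify(altered, TRUSTED, "2024-06-01"),
            verify(self_made, TRUSTED, "2024-06-01"), verify(CERT, TRUSTED, "2026-01-01")]
```

The `self_made` case is the situation the text describes: the key pair is valid, but nothing a verifier trusts vouches for who holds it.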
Why do organizational websites opt for digital certificate?
Organizations get the following benefits when they opt for a digital certificate-
Types of digital certificates:
There are primarily 3 types of digital certificates, usually referred to as SSL/TLS certificates. These certificates are used to secure a website via the HTTPS protocol.
SSL (Secure Sockets Layer) has now been succeeded by TLS (Transport Layer Security). The 3 types of SSL/TLS certificates are:
- Domain Validated (DV): This certificate offers the least amount of assurance about the owner of the certificate. Applicants for DV SSL certificates need to demonstrate that they have the right to use the domain name. While these certificates can give assurance that data is being sent and received by the holder of the certificate, they give no guarantees about who that entity/owner is.
- Organization Validated (OV): This certificate provides additional assurances about the owner of the certificate; in addition to confirming that the applicant has the right to use the domain, OV SSL certificate applicants undergo additional confirmation of their ownership of the domain.
- Extended Validation (EV SSL) certificates: This certificate is issued only after the applicant is able to prove their identity to the satisfaction of the CA. The vetting process includes verification of the existence of the entity applying for the certificate, verifying that identity matches official records, verifying that the entity is authorized to use the domain and confirming that the owner of the domain has authorized the issuance of the certificate.
Applications of Digital Certificates:
- Digital Certificates can be used for a variety of electronic transactions including e-mail, e-commerce, groupware and electronic funds transfers.
- Government websites and banks use digital certificates to a wide extent.
- Recently, at Singapore's Changi Airport, digital signatures have been used to speed up immigration checks.