– A digital certificate is another name for a public key certificate.
– They are rarely referred to as identity certificates.
– Digital certificates are an integral part of cryptography.
– They are electronic documents that use a digital signature to bind a public key to an identity.
– The identity may be anything, such as a person's or an organization's name, address, and so on.
– The certificate verifies which individual the key belongs to.
– Under the typical PKI (public key infrastructure) scheme, the certificate is signed by a CA (certificate authority).
– Under a second scheme, the web of trust (WOT), the certificate is signed either by the user itself or by its endorsers, i.e., other users.
– Whatever the scheme may be, the signatures on the certificate are attestations by the certificate signer that the public key and the identity information belong together.
– In the case of provable security, the system relies on something external to it.
– The consequence is that whatever the public key certification scheme might be, it has to be based on some exclusive setup assumption.
– The existence of a CA (certificate authority) is an example of such an assumption.
– Using tools such as OpenSSL's ca command, we can create certificates for UNIX-based servers.
– Another such tool is SuSE's gensslcert.
– These commands can also be used to issue unmanaged certificates, and CA certificates that are used to manage other certificates.
– They are also used to manage digital certificate requests that have to be signed by the certificate authority.
– These commands have other functions as well.
– A certificate authority is included as part of Certificate Services in Microsoft Windows 2000 and 2003 servers.
– In Windows Server 2008, however, the certificate authority is included in Active Directory Certificate Services.
– The CA helps manage certificates and issue them to computers or users.
Microsoft offers a number of certificate utilities, such as the following:
- SelfSSL.exe: for creating unmanaged certificates
- certreq.exe: for creating certificate requests and submitting them to the CA to be signed.
- certutil.exe: for a number of other certificate-related functions.
– In Mac OS, however, there is no separate certificate authority.
– Instead, certificate services are provided by its Keychain manager application, whose basic function is to keep track of users' login and other credentials.
Contents of Digital Certificate
A digital certificate contains the following:
– Serial number: uniquely identifies the certificate.
– Subject: the entity or person being identified.
– Signature algorithm: the algorithm used to create the signature.
– Signature: the actual signature, used to verify that the user is the correct one.
– Issuer: the entity that verifies the information in a certificate and issues it.
– Valid from: the date from which the certificate is valid.
– Valid to: the last date of the certificate's validity.
– Key usage: the purpose of the key (such as certificate signing, signature, or encipherment).
– Public key
– Thumbprint algorithm: the algorithm used to hash the public key certificate.
– Thumbprint: the abbreviated form of the hash of the public key certificate.
VeriSign uses a concept of classes for several types of digital certificates, as listed below:
– Class 1: basically for emails sent by individual users.
– Class 2: for organizations that require proof of their identity.
– Class 3: for software signing and servers. The CA performs an independent verification as well as checking authority and identity.
– Class 4: for companies making online business transactions.
– Class 5: for governmental security or private organizations.