The CA verifies that a public key belongs to a specific company or individual (the "subject"), and the validation process it goes through to determine if the subject is who it claims to be depends on the level of certification and the CA itself.
Creating the Certificate
After the validation process is completed, the CA creates an X.509 certificate that contains CA and subject information, including the subject's public key (details below). The CA signs the certificate by creating a digest (a hash) of all the fields in the certificate and encrypting the hash value with its private key. The encrypted digest is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed."
The CA keeps its private key very secure, because if it were ever discovered, false certificates could be created. See HSM.
Verifying the Certificate
The process of verifying the "signed certificate" is done by the recipient's software, which is typically the Web browser. The browser maintains an internal list of popular CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest. It then recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the subject.
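The signing and verification steps described above, as an added example that is not part of the original entry. It uses a constructed toy CA key (textbook RSA built from two Mersenne primes, no padding) and a simplified text encoding of the certificate fields; the CA name, subject and field values are assumptions made for illustration, and real certificates use DER encoding and padded signatures.

```python
import hashlib

# Constructed toy CA key: textbook RSA from two Mersenne primes, no padding.
# Illustration only; real CAs use random keys, padded signatures and DER encoding.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # CA private exponent (Python 3.8+)

# Field names follow the entry's list of major data elements; values are made up.
FIELDS = ("version", "serial", "sig_alg", "issuer",
          "valid_from", "valid_to", "subject", "subject_public_key")

def digest(cert):
    """Hash every field except the signature, in a fixed order."""
    blob = "\n".join(f"{k}={cert[k]}" for k in FIELDS).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def ca_sign(cert):
    """CA side: transform the digest with the private key and attach it."""
    return {**cert, "signature": pow(digest(cert), D, N)}

def verify(cert, trusted_cas):
    """Recipient side: look up the issuer's public key, recover the digest
    from the signature, recompute the digest locally and compare the two."""
    key = trusted_cas.get(cert["issuer"])
    if key is None:
        return "untrusted issuer"
    n, e = key
    recovered = pow(cert["signature"], e, n)
    return "ok" if recovered == digest(cert) else "bad signature"

# Stands in for the browser's internal list of CAs and their public keys.
TRUSTED_CAS = {"Example Root CA": (N, E)}

SIGNED = ca_sign({
    "version": 3, "serial": 4096, "sig_alg": "sha256-toy-rsa",
    "issuer": "Example Root CA",
    "valid_from": "2009-01-01", "valid_to": "2010-01-01",
    "subject": "www.example.com",
    "subject_public_key": "subject-key-placeholder",
})

if __name__ == "__main__":
    print(verify(SIGNED, TRUSTED_CAS))                                      # intact certificate
    print(verify({**SIGNED, "subject": "other.example"}, TRUSTED_CAS))      # altered field
    print(verify({**SIGNED, "issuer": "Unknown CA"}, TRUSTED_CAS))          # CA not in the list
```

Changing any signed field changes the recomputed digest, so it no longer matches the one recovered from the signature; a certificate naming a CA that is not in the recipient's list cannot be checked at all.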
Then What...
At this point, the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures (see digital signature and code signing). The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session (see SSL). See PKI.
Major Data Elements in an X.509 Certificate
- Version number of certificate format
- Serial number (unique number from CA)
- Certificate signature algorithm
- Issuer (name of CA)
- Valid-from/valid-to dates
- Subject (name of company or person certified)
- Subject's public key and algorithm
- Digital signature created with CA's private key
Signing and Verifying a Digital Certificate
The signed certificate is used to verify the identity of a person or organization.
Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved.