What is a Digital Certificate? How Does It Work?

by wing

A digital certificate is a way to confirm the identity of a public key owner. Normally, a third-party organization, known as a CA (certification authority), is responsible for confirming the identity of a digital certificate owner and binding it to the key. A certificate is used to establish secure communication between two parties who are unknown to each other or who lack trust in each other. A digital certificate can assure you that the person with whom you want to communicate is actually the person he claims to be.

So, the main reason for using a digital certificate is to build trust between two parties who want to communicate securely.

How is trust built using a digital certificate?

We can verify an unknown person’s identity when a well-known organization endorses the identity of that person. In the case of a digital certificate, the CA (certificate authority) endorses the identity of the certificate owner. In simple words, a CA offers a notarization service to give reasonable assurance that the owner of the certificate is authentic.

A digital certificate contains an encrypted form of the public key of the certificate owner.

Practical application of digital certificates

Ecommerce websites use digital certificates to assure their buyers that they are who they claim to be.

Basic components of digital certificates

The encrypted public key of the certificate owner and the owner’s identity information.

How a digital certificate is created

For example, user A wants to communicate with user B securely, and user B needs a digital certificate for secure communication. First, user B needs to acquire a digital certificate from a CA (certificate authority). To receive a certificate, user B uses the following process:

  1. To obtain a digital certificate for the first time, user B sends a request to an RA (registration authority). The RA is responsible for verifying the requester’s identity; it does not issue any certificate. B may use its driving license, business documents or any other identity information to prove its identity to the RA. Once the RA is satisfied with B’s identity information, it sends the request to the CA, on behalf of user B, for issuing a digital certificate.
  2. The CA creates the digital certificate using B’s public key and other identity information. The standard used to create this certificate is X.509. The public/private key pair can be created either by the CA or by user B. When the CA creates the key pair on behalf of the user, it needs to send the private key securely to B. If B creates the public and private key pair, it needs to send the public key securely to the CA in order to create the digital certificate.
  3. The CA signs the certificate with its own private key in order to ensure the authenticity, integrity and non-repudiation of the digital certificate. Finally, the CA sends the certificate back to B, which can use it to establish secure communication.

How a digital certificate works

The above steps make sure that user B has a digital certificate that another user A can use to start communicating with B. To start a communication using B’s digital certificate, A uses the following steps:

  1. A sends a request for B’s digital certificate to a certificate repository, also known as a public directory, which is a part of the CA.
  2. When A receives B’s certificate, it verifies it with the help of a web browser by checking the digital signature of the CA using the public key of the CA. Then A uses B’s public key, supplied by the certificate, to encrypt the message.
  3. When B receives the encrypted message, it uses its own private key to decrypt the message. Remember that no one except B will be able to decrypt this message because B’s private key is not shared with anyone.

Some well-known certificate authorities:

  • VeriSign
  • Thawte
  • Comodo Limited
  • DigiCert
  • Network Solutions, LLC

How to verify a digital certificate?

For example, you are using Mozilla Firefox to browse an ecommerce site, and you want to purchase a product. When you go to the checkout page, right-click on that page and select “view page info”.

Next, click on the ‘security’ tab and then click on “view certificate”. Check the “issued to” and “issued by” fields and other useful parameters, which must show the website address and the name of the CA. Make sure that the visited site’s domain name matches the CN (common name) mentioned in the certificate. Also check the validity period of that certificate.
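The creation steps, the usage steps and the name and validity checks described above can be reproduced with the openssl command-line tool. This is an added example, not part of the original article: the names "Demo CA" and "Other CA", the host name shop.example, the file names and the function names are all constructed, and the RA's identity check (creation step 1) is not modelled.

```shell
#!/bin/sh
# Added example. "Demo CA", "Other CA", shop.example and all file names are constructed.

make_demo_pki() {   # make_demo_pki <dir>: creation steps 2 and 3
    # Self-signed root for the CA that A trusts, plus an unrelated CA A does not trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Other CA" \
        -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
    # B generates its own key pair; only the request (public key + identity) leaves B.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=shop.example" \
        -keyout "$1/b.key" -out "$1/b.csr" 2>/dev/null
    printf 'subjectAltName=DNS:shop.example\n' > "$1/ext.cnf"
    # The CA signs B's public key and identity with the CA private key.
    openssl x509 -req -in "$1/b.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/ext.cnf" -out "$1/b.pem" 2>/dev/null
}

signed_by() {   # signed_by <trusted-ca.pem> <cert.pem>: usage step 2
    # Succeeds only if the certificate's signature verifies under the trusted CA's key.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

name_and_dates_ok() {   # name_and_dates_ok <cert.pem> <hostname>
    # -checkend 0 fails once the notAfter date has passed.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 1
    # -checkhost prints "does match" or "does NOT match".
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

round_trip() {   # round_trip <dir> <message>: usage steps 2 and 3
    # A encrypts to the public key carried in B's certificate ...
    printf '%s' "$2" | openssl pkeyutl -encrypt -certin -inkey "$1/b.pem" \
        -pkeyopt rsa_padding_mode:oaep -out "$1/msg.enc"
    # ... and only the holder of b.key can recover the plaintext.
    openssl pkeyutl -decrypt -inkey "$1/b.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/msg.enc"
}

demo=$(mktemp -d)
make_demo_pki "$demo"
signed_by "$demo/ca.pem" "$demo/b.pem"        && echo "accepted: signed by Demo CA"
signed_by "$demo/other.pem" "$demo/b.pem"     || echo "rejected: not signed by Other CA"
name_and_dates_ok "$demo/b.pem" shop.example  && echo "accepted: name and dates"
name_and_dates_ok "$demo/b.pem" login.example || echo "rejected: name mismatch"
echo "B decrypted: $(round_trip "$demo" 'order 1001')"
```

A browser runs the same signature, name and date checks automatically against its built-in list of trusted CAs.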

Important points to remember:

CA: a certification authority only endorses the public key, which means it authenticates the owner of the certificate to prevent man-in-the-middle attacks.

RA: a registration authority only verifies the identity of the user who wants to obtain a certificate. After verification, the RA sends the request to the CA for issuing the certificate. The RA can never issue any certificate; instead, it eases the validation burden of the CA.

X.509: a standard for creating digital certificates, which has several fields such as the issuer’s name (the CA’s name), version, serial number, digital signature, validity period, etc. The CA uses the X.509 template to create a certificate.
