Digital certificates

In order to implement public-key encryption on a large scale by a secure

web server, a different approach is required, and this is where the digital

certificates come into the picture. The certificate authority, an independent

source, trusts the Webserver. A digital certificate is a bit of information that

certifies the owner to be genuine.

Both the computers trust the certificate authority, which acts as the

middleman. The public keys of each computer are provided, confirming

that each computer is, in fact, who they say they are.

The digital certificate simplifies the task of establishing whether a public

key truly belongs to the purported owner.

A form of your credential is a certificate, which might be your driving

license, Aadhar card, PAN card, or passport. These certificates share some

information identifying you and some authorization that states that someone

else has confirmed your identity.

Much like physical certificate functions, a digital certificate is a data that

functions in a similar way. It helps others verify that a key is genuine and

valid by the digital certificate which is information included with a person’s

public key.

A digital certificate consists of three things that are used to thwart the

attempts to substitute one person’s key for another.

A public key

Certificate information such as “Identity” information about the user;

such as user ID and username

One or more digital signatures

The certificate information has been attested to by some other person or

entity is the purpose of the digital signature on a certificate. The digital

signature vouches only for the signed identity information that goes along

with, or * * the public key and does not attest to the authenticity of the

certificate as a whole.

A certificate is basically a public key with one or two forms of ID attached

plus a stamp of approval from some trusted individual.

Figure 1.7 describes the digital certificate.