What is a Digital Certificate, and why do you need one?
2014-04-22 13:24
A Digital Certificate is a digital file used to cryptographically bind an entity's Public Key to specific attributes relating to its identity. The entity may be a person, organisation, web entity or software application. Just as a driving license or passport binds a photograph to personal information about its holder, a Digital Certificate binds a Public Key to information about its owner. In other words, Alice's Digital Certificate attests to the fact that her Public Key belongs to her, and only her. As well as the Public Key, a Digital Certificate also contains personal or corporate information used to identify the Certificate holder and, because Certificates have a finite lifetime, a Certificate expiry date.
Digital Certificates and Certification Authorities
Digital Certificates are issued by Certification Authorities (CAs). Just as a central trusted body issues driving licenses or passports, a CA fulfils the role of the Trusted Third Party by accepting Certificate applications from entities, authenticating applications, issuing Certificates and maintaining status information about the Certificates issued. The incorporation of a CA into PKI ensures that people cannot masquerade on the Internet as someone else by issuing their own fake Digital Certificates for illegitimate use.
The Trusted Third Party CAs will verify the identity of the Certificate applicant before attesting to their identity by Digitally Signing the applicant's Certificate. Because the Digital Certificate itself is now a signed data file, its authenticity can be ascertained by verifying its Digital Signature. Therefore, in the same way we verify the Digital Signature of a signed message, we can verify the authenticity of a Digital Certificate by verifying its signature.
Because CAs are trusted, their own Public Keys, which are used to verify the signatures on issued Digital Certificates, are widely publicised through many channels.
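The issue-and-verify flow described above, as an added example that is not part of the original article. It assumes a constructed toy CA using textbook RSA without padding and a JSON field layout invented for illustration; real Certificates use the X.509 format and standardised padded signature schemes.

```python
import hashlib
import json
from datetime import date

# Constructed toy CA key pair (two Mersenne primes). Illustration only.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537                  # CA Public Key: widely published
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))    # CA private exponent: never leaves the CA

def _digest(fields):
    # Hash a canonical encoding of the Certificate fields to an integer.
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue(subject, subject_public_key, not_after):
    """CA side: bind identity, Public Key and expiry date, then sign them."""
    fields = {"issuer": "Example Toy CA", "subject": subject,
              "public_key": subject_public_key, "not_after": not_after}
    return {"fields": fields, "signature": pow(_digest(fields), CA_D, CA_N)}

def verify(cert, ca_n, ca_e, today):
    """Relying-party side: only the CA's Public Key is needed."""
    # Any change to the signed fields changes the digest and breaks the match.
    if pow(cert["signature"], ca_e, ca_n) != _digest(cert["fields"]):
        return "bad signature"
    if today > date.fromisoformat(cert["fields"]["not_after"]):
        return "expired"
    return "valid"

def swap_public_key(cert, other_key):
    """Simulate tampering: replace the bound key, keep the CA's old signature."""
    return {"fields": dict(cert["fields"], public_key=other_key),
            "signature": cert["signature"]}

if __name__ == "__main__":
    # Constructed sample values; the key string is a placeholder, not a real key.
    alice = issue("Alice", "alice-public-key-placeholder", "2015-04-22")
    print(verify(alice, CA_N, CA_E, date(2014, 4, 22)))
    print(verify(swap_public_key(alice, "mallory-key-placeholder"),
                 CA_N, CA_E, date(2014, 4, 22)))
    print(verify(alice, CA_N, CA_E, date(2016, 1, 1)))
```

The signature is checked before the expiry date because an unsigned or altered expiry field cannot be trusted.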
The CA provides a Certification Practice Statement (CPS) that clearly states its policies and practices regarding the issuance and maintenance of Certificates within the PKI. The CPS contains operational information and legal information on the roles and responsibilities of all entities involved in the Certificate lifecycle (from the day it is issued to the day it expires).
Digital Certificates are issued under the technical recommendations of the X.509 Digital Certificate format as published by the International Telecommunication Union Telecommunication Standardization Sector (ITU-T).