What Are Digital Certificates?


Digital certificates form the basis of authentication and encryption.

Authentication is the means by which the identities of individuals, organizations, and devices are validated.

Encryption hides information from people who are not authorized to see it. Encryption uses keys to translate data from its base format to another, unintelligible format. The only way to make the data intelligible again is to translate it back—and of course it takes a key to translate the data back to its base format.

The longest-used encryption methods, called symmetric encryption, use the same key for both encrypting and decrypting. Because both the sender and the recipient need the key, transmitting the key from the sender to the recipient can be a significant problem in itself.

Asymmetric encryption uses different keys to encrypt and decrypt data. The asymmetric encryption method commonly used today is called public key cryptography. Public key cryptography uses a private key, known only to a single entity, and a public key, which is made available by the owner of the private key to anyone who needs it. Data encrypted with a public key can be decrypted only with its corresponding private key.

Digital certificates function similarly to identification cards such as passports and drivers’ licenses. Digital certificates are issued by recognized (government) authorities. When someone requests a certificate, the authority verifies the identity of the requester, certifies that the requester meets all requirements to receive the certificate, and then issues it. When a digital certificate is presented to others, they can verify the identity of its owner because the certificate provides the following security benefits:

  • It contains personal information to help identify and trace the owner.
  • It contains the information that is required to identify and contact the issuing authority.
  • It is designed to be tamper-resistant and difficult to counterfeit.
  • It is issued by an authority that can revoke the identification card at any time (for example, if the card is misused or stolen).
  • It can be checked for revocation by contacting the issuing authority.


The public key infrastructure (PKI), in fact, is used to create a complete system of security and authentication that can be tracked back to a trusted source.

The Digital Signatures > View Certificate > General tab of the Certificate dialog box lists the certificate's purposes. The Certificates snap-in for Microsoft Management Console (MMC) can organize certificates by purpose.

Tip: To see a complete list of certificate purposes, in the Certificates snap-in choose View, Options and select Certificate Purpose.


The storage location for the certificates on your computer is called, logically enough, a certificate store. Within the certificate store, certificates can be grouped according to the role they play within the PKI or in the specific application that uses them. Some applications that use certificates create a logical group.

Logical Certificate Stores:

| Store | Description |
| --- | --- |
| Personal | Any certificates assigned to you and associated with your private keys. |
| Trusted Root Certification Authorities | Self-signed certificates of CAs that are implicitly trusted. This store includes certificates issued by third-party CAs, by Microsoft, and by your organization (if it has a domain-based certificate server). |
| Enterprise Trust | Any certificate trust lists you create. Certificate trust lists let you trust self-assigned root certificates from other organizations. |
| Intermediate Certification Authorities | Certificates issued to other CAs. |
| Trusted Publishers | Certificates issued to publishers you've designated as always trustworthy or that are trusted by software restriction policies. |
| Untrusted Certificates | Certificates that you explicitly do not trust. Certificates arrive here if you select Do Not Trust This Certificate in a dialog box displayed by your e-mail program or Web browser. |
| Third-Party Root Certification Authorities | A subset of Trusted Root Certification Authorities that includes trusted root certificates from CAs other than Microsoft and your organization. |
| Trusted People | Certificates issued to people that are explicitly trusted. |
| Other People | Certificates issued to people with whom you share encrypted documents. |
| Certificate Enrollment Requests | Certificate requests that are pending. |


Digital Certificates are issued by Certification Authorities (CA). A certification authority is an integral part of the PKI. The essential role of a CA is to establish and vouch for the authenticity of public keys belonging to users or other certification authorities. To perform this role, a CA issues certificates signed with its own private key, manages certificate serial numbers, and, when necessary, revokes certificates.

The incorporation of a CA into PKI ensures that people cannot masquerade on the Internet as people they are not by issuing their own fake Digital Certificates for illegitimate use.


Before granting a certificate to an individual or organization, the CA is responsible for verifying the identity of the entity that is applying for the certificate. After the requester's identity is verified, the CA assigns the requester both a public key and a private key and then supplies a digital certificate signed with the CA's private key. The validity of the certificate, then, is only as good as the credibility and level of trust maintained by the CA.

The certificates for all the CAs installed by default in your Trusted Root Certification Authorities store are trusted without question. Trusted root authority certificates are self-signed—that is, they authenticate themselves. By contrast, the certificates of an intermediate CA are signed not by that CA itself but by another CA. If the other CA is a trusted root authority, the first CA is trusted by inference. You might have a whole chain of CA authentication—called the certification path—ending with a trusted root authority. The Certificate dialog box contains a tab called Certification Path that displays this chain of authentication back to a trusted root authority.

Each certificate has a certification path, a chain of authentication back to a trusted root authority.

If a certificate is not trusted, it is because it was not issued by a trusted root authority. You can choose to trust such certificates, but you should do so only if you're certain of the source's integrity.


Did you find this tutorial helpful? Don’t forget to share your views with us.
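
The following PowerShell is an added example, not part of the original post. It maps the friendly store names from the Logical Certificate Stores table to the names the Cert: drive uses, counts the certificates in each current-user store, and prints the certification path for every certificate in the Personal store. Treating "Subject equals Issuer" as self-signed is a simplifying assumption.

```powershell
# Added example: friendly store name (as shown in the Certificates snap-in)
# keyed by the physical store name used under the Cert: drive.
$storeNames = [ordered]@{
    'My'               = 'Personal'
    'Root'             = 'Trusted Root Certification Authorities'
    'Trust'            = 'Enterprise Trust'
    'CA'               = 'Intermediate Certification Authorities'
    'TrustedPublisher' = 'Trusted Publishers'
    'Disallowed'       = 'Untrusted Certificates'
    'AuthRoot'         = 'Third-Party Root Certification Authorities'
    'TrustedPeople'    = 'Trusted People'
    'AddressBook'      = 'Other People'
    'REQUEST'          = 'Certificate Enrollment Requests'
}

# Count the certificates held in each logical store for the current user.
foreach ($name in $storeNames.Keys) {
    $path = "Cert:\CurrentUser\$name"
    if (Test-Path $path) {
        $count = @(Get-ChildItem $path).Count
        '{0,-45} {1,5} certificate(s)' -f $storeNames[$name], $count
    }
}

# Build and print the certification path for each Personal certificate.
foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Ask the issuing authority whether any certificate in the path was revoked.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $trusted = $chain.Build($cert)
    "`n$($cert.Subject)  (chains to a trusted root: $trusted)"

    # ChainElements runs from the end-entity certificate up to the root.
    $depth = 0
    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        # Assumption: Subject equal to Issuer is treated as self-signed.
        $kind = if ($c.Subject -eq $c.Issuer) { 'self-signed' } else { 'issued by ' + $c.Issuer }
        '{0}{1}  [{2}]' -f ('  ' * $depth), $c.Subject, $kind
        $depth++
    }
    # Any reason the path failed validation (untrusted root, revoked, expired).
    foreach ($status in $chain.ChainStatus) {
        '  status: {0} {1}' -f $status.Status, $status.StatusInformation.Trim()
    }
    $chain.Reset()
}
```

A certificate whose path ends in a self-signed certificate that is not in the Trusted Root Certification Authorities store is reported with the UntrustedRoot status.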

Re: What Are Digital Certificates?

Excellent detail, thanks for the info!

Re: What Are Digital Certificates?

Thank you, I'm glad to know you enjoy the tutorial!

Re: What Are Digital Certificates?

Yes, I have a personal certificate I use to digitally sign emails, apps, and other things I may create. Encryption is key! PUN INTENDED! Awesome (sparkly)
