Digital certificates

Written on 9 February 2015, 09:33pm


TL;DR:
A digital certificate binds an individual’s identity to a public key; it proves ownership of that public key. Digital certificates are like passports, and they are a fundamental part of PKI (Public Key Infrastructure).

Classes of certificates (these might differ according to the issuer):
– Class 1: individual (email + domain verification)
– Class 2: software developer (physical ID verification)
– Class 3: company (face-to-face verification)

Creation, storage and distribution of digital certificates
CA – Certificate Authority – issues and verifies the digital certificates
RA – Registration Authority – verifies the identity of users requesting a digital certificate

The RA verifies the identity of the certificate requestor on behalf of the CA.
The CA generates the certificate using the information forwarded by the RA.

Root certificate
All web browsers come with an extensive built-in list of trusted root certificates.
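
The request, vetting, issuance and root-trust steps described above can be reproduced locally with the openssl command-line tool. This is an added example, not part of the original post; the CA names, the host name www.example.test and the file layout are constructed for illustration, and the RA step is reduced to the two checks that can be automated.

```shell
#!/bin/sh
# Added example: all names, subjects and paths are constructed. Needs openssl.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# A root CA certificate is self-signed; trusting it is a local decision
# (browsers ship a built-in list of such roots).
make_root() {  # $1 = file prefix, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" \
        -subj "/CN=$2" 2>/dev/null
}

# Requester: creates its own key pair and a certificate signing request (CSR).
# The private key never leaves the requester.
make_csr() {  # $1 = file prefix, $2 = subject CN
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" \
        -subj "/CN=$2" 2>/dev/null
}

# RA: the CSR must be signed by the key it contains (proof of possession)
# and must name the identity that was actually vetted.
ra_check() {  # $1 = requester prefix, $2 = vetted CN
    out=$(openssl req -in "$WORK/$1.csr" -noout -verify -subject 2>&1)
    echo "$out" | grep -q "verify OK" && echo "$out" | grep -q "CN *= *$2\$"
}

# CA: signs the vetted request with the CA private key.
ca_issue() {  # $1 = CA prefix, $2 = requester prefix
    openssl x509 -req -in "$WORK/$2.csr" -days 7 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.crt" 2>/dev/null
}

# Relying party: accepts a certificate only if it chains to a root it trusts.
trusts() {  # $1 = trusted root prefix, $2 = certificate prefix
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" 2>/dev/null \
        | grep -q ": OK\$"
}

make_root root  "Example Root CA"
make_root other "Unrelated Root CA"
make_csr  leaf  www.example.test
ra_check  leaf  www.example.test && ca_issue root leaf
trusts root  leaf && echo "leaf chains to the trusted root: accepted"
trusts other leaf || echo "leaf does not chain to the other root: rejected"
```

The same leaf certificate is accepted or rejected purely according to which root the verifier has chosen to trust, which is why the browser's built-in root list matters.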

X.509 is the standard that defines the structure of a digital certificate.

Types of certificates
A certificate provider can opt to issue three types of certificates, each requiring its own degree of vetting rigor. In order of increasing rigor (and naturally, cost) they are:
– Domain Validation
– Organization Validation and
– Extended Validation -> activates the green address bar 🙂


ExtendedSSL is an Extended Validation Certificate, the highest class of SSL available today.

ExtendedSSL activates the green address bar and displays your organization name in the browser interface. These prominent security indicators increase user trust in your website and increase its credibility, leading to more sales conversions.
From €679/year
https://www.globalsign.com/en/ssl/ev-ssl/

Digital certificates can also be used for client authentication.
You can install a certificate in the browser and authenticate with it on certain websites. However, it is your responsibility to make sure that no one else gets physical access to your workstation (3rd law of security).