What is a Digital Certificate?
A digital certificate is an electronic document that proves the ownership of a public key. A digital certificate contains various information, such as the identity of the owner of the public key, information about the public key and the digital signature of the issuer of the certificate, etc. If an entity sends a digital certificate to another entity, then the recipient can easily verify the digital certificate. On successful verification, the recipient can be sure that the public key belongs to the sender and the recipient can trust the public key.
Why do we need a Digital Certificate?
Let’s say a client wants to establish a TLS connection with a server. Now, a TLS connection uses public-key encryption for authentication. The server sends its public key to the client. The client uses the public key to encrypt sensitive data and sends it across. As only the server possesses the corresponding private key, no one else can decrypt and read the data.
But, what if a malicious third-party intercepts the communication? An attacker may intercept the communication when the server sends its public key to the client and send the client its own public key instead of that of the server. If the client trusts the received public key and encrypts sensitive data with that public key, the attacker can easily decrypt and read the data.
So, when the server sends its public key to the client, the client needs some way to verify that the public key indeed belongs to the server and no one else. We use a digital certificate for that purpose.
When an entity wants to be issued a digital certificate, the Certificate Authority verifies the identity of the entity and issues a digital certificate. The digital certificate contains various information that includes the following:
- A serial number that identifies the certificate uniquely
- The entity to whom the certificate belongs
- The issuer of the certificate
- The validity period of the certificate
- The public key of the entity
- The algorithm that is used to sign the digital certificate
- The digital signature of the issuer of the certificate. The issuer uses its private key to make this digital signature
When an entity receives a digital certificate from another entity, the receiving entity can verify the digital certificate with the CA that issued the certificate. The digital certificate contains the digital signature of the issuer of the certificate. Readers, who want to know more about how the digital certificate verification works can refer to the article: What is Certificate Chain and how does it work?
0 Comments