digital certificate



digital certificate

(communications, security)
An attachment to an electronic mail message used for security purposes, e.g. to verify that the user sending a message is who he or she claims to be, and to provide the receiver with the means to encrypt a reply.

An individual wishing to send an encrypted message applies for a digital certificate from a certificate authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available on the Internet.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate.

digital certificate

The digital equivalent of an ID card used in conjunction with a public key encryption system. Also called a "digital ID," "digital identity certificate," "identity certificate" and "public key certificate," digital certificates are issued by a trusted third party known as a "certification authority" (CA) such as VeriSign (www.verisign.com) and Thawte (www.thawte.com).

The CA verifies that a public key belongs to a specific company or individual (the "subject"). How thoroughly it checks that the subject is who it claims to be depends on the level of certification and on the CA itself.

Creating the Certificate
After the validation process is completed, the CA creates an X.509 certificate that contains CA and subject information, including the subject's public key (details below). The CA signs the certificate by creating a digest (a hash) of all the fields in the certificate and encrypting the hash value with its private key. The encrypted digest is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed."

The CA keeps its private key very secure, because if it were ever compromised, forged certificates could be created. See HSM.

Verifying the Certificate
The process of verifying the "signed certificate" is done by the recipient's software, which is typically the Web browser. The browser maintains an internal list of popular CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest. It then recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the subject.

Then What...
At this point, the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures (see digital signature and code signing). The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session (see SSL). See PKI.

Major Data Elements in an X.509 Certificate

 Version number of certificate format
 Serial number (unique number from CA)
 Certificate signature algorithm
 Issuer (name of CA)
 Valid-from/valid-to dates
 Subject (name of company or person certified)
 Subject's public key and algorithm
 Digital signature created with CA's private key

[Figure: Signing and Verifying a Digital Certificate. The signed certificate is used to verify the identity of a person or organization.]
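The creating and verifying steps described above, as an added example in Go using the standard crypto/x509 package (this is not code from the page's sources or from any vendor named here): a CA key pair signs a certificate carrying the listed fields, and the recipient checks the signature with the CA's public key. The names "Example CA" and the serial numbers are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// template sets the fields the CA fills before signing: serial, subject, validity, key usage.
func template(subject string, serial int64, usage x509.KeyUsage, isCA bool) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     usage,
		IsCA:         isCA, BasicConstraintsValid: isCA,
	}
}

// sign hashes the certificate body, signs the digest with signerKey and stores it as the
// signature field; parent supplies the Issuer name. The signed DER is parsed back.
func sign(t, parent *x509.Certificate, pub *ecdsa.PublicKey, signerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newCA generates the CA key pair and its self-signed root certificate (issuer == subject).
func newCA(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := template(name, 1, x509.KeyUsageCertSign, true)
	cert, err := sign(t, t, &key.PublicKey, key)
	return key, cert, err
}

// verify is the recipient's step: recompute the digest over the certificate body and check
// the signature with the trusted CA's public key. Another CA's key, or any tampering, fails.
func verify(cert, trustedCA *x509.Certificate) error {
	return cert.CheckSignatureFrom(trustedCA)
}
```

To issue a subject certificate, call sign(template(subjectName, serial, x509.KeyUsageDigitalSignature, false), caCert, subjectPublicKey, caKey); the browser-side check in the text is then verify(cert, caCert).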