What is a digital certificate?

Last Updated: Fri, Sep 21, 2018 13:45 hrs

A digital signature certificate, also called a ‘public key certificate’ or an ‘identity certificate’, is an electronic ‘password’ that allows individuals and organizations to exchange data safely on the internet using public key infrastructure. Digital certificates cryptographically link an entity with its ownership of a public key. They are created specifically for sharing public keys safely for authentication and encryption. They essentially verify whether the user sending a particular message is who they claim to be, and equip the receiver with the resources for encoding a reply. A digital certificate contains the following: the public key being certified, the identification information of the entity owning the public key, the metadata relating to the certificate, and a digital signature over the public key created by the certificate issuer.

Types of digital certificates
Listed below are the main kinds of digital certificates:
1. Secure Sockets Layer (SSL) Certificates: Server/client certificates identify the server/client applications which employ certificates for secure communications. They contain information about the identity of the entity owning the application and the system’s public key. SSL Certificates are installed on a server, which could be of different kinds for various purposes, such as LDAP, directory, or mail servers.

2. Software/Code Signing Certificates: Code/Software Signing Certificates are used to ‘digitally sign’ objects and are the means to verify the ownership, origin, and integrity of those objects. They are the digital equivalent of the hologram seals employed in the real world to authenticate software and assure the user that the object is genuine. Another associated certificate is a signature verification certificate, which is a copy of an object signing certificate without its private key. The public key on this certificate can be used to authenticate a digital signature created with the object signing certificate. This makes it possible to determine the object’s origin and to check for alterations made since the original signature.

3. Client Certificates: Client Certificates identify one device to another, an individual to a gateway or a device, or one individual to another. Two devices, two individuals, or a combination of the two communicating over the web can use this certificate to assure the opposite party of their identity. Issued in the millions annually, Client Certificates are the chief reason for purchasing a CA (Certificate Authority) certificate, which is a digital credential validating the identity of the CA which owns the certificate.
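
The sign-then-verify flow described for code signing certificates in item 2, as an added Go example that is not part of the original article. It assumes a self-signed Ed25519 certificate and hypothetical names (`newSigningCert`, `signObject`, `verifyObject`, "Example Publisher"); a production verifier would also validate the certificate chain up to a trusted CA.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newSigningCert makes a key pair and a self-signed code signing certificate (constructed sample, not CA-issued).
func newSigningCert(cn string) (ed25519.PrivateKey, []byte, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return key, der, err
}

// signObject signs obj with the private key, which never leaves the publisher.
func signObject(key ed25519.PrivateKey, obj []byte) []byte { return ed25519.Sign(key, obj) }

// verifyObject needs only the certificate; it returns the subject name and true if sig matches obj and the cert is in date.
func verifyObject(certDER, obj, sig []byte) (string, bool) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil || time.Now().Before(cert.NotBefore) || time.Now().After(cert.NotAfter) {
		return "", false
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, obj, sig) {
		return "", false
	}
	return cert.Subject.CommonName, true
}

func main() {
	key, der, _ := newSigningCert("Example Publisher (constructed)")
	sig := signObject(key, []byte("installer v1.0"))
	fmt.Println(verifyObject(der, []byte("installer v1.0"), sig)) // signed object
	fmt.Println(verifyObject(der, []byte("installer v1.1"), sig)) // altered object
}
```

The certificate passed to `verifyObject` plays the role of the signature verification certificate: it holds the public key and subject name but not the private key.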

Classes of digital certificates
The following are the broad classes of digital certificates, each corresponding to a specific level of trust, a specific purpose, and specific verification methods:

  • Class 1 Certificates: Issued to both individuals and businesses, these verify that the user’s name/names and contact info don’t conflict with information in the CA’s database, and provide a basic assurance level.
  • Class 2 Certificates: Issued to both individuals and businesses, these verify that the user’s name/names and contact info don’t conflict with that in well-known consumer databases. This is relevant in environments with low-to-moderate risk and consequences.
  • Class 3 Certificates: Issued to both individuals and organizations, these high-assurance certificates are usually employed for e-commerce applications and are relevant in high-risk environments.

How to get a digital certificate?
Generally speaking, the process of obtaining a digital certificate online begins with the user filling in the application form and attaching the relevant documents for name and address confirmation. One is also supposed to reconfirm their email ID and sign both that and the subscriber’s agreement. Finally, the completed application, along with the documents, needs to be sent to the authority that issues digital signature certificates. For instance, in India, it is the Controller of Certifying Authorities (CCA) which falls under the aegis of the Ministry of Electronics & IT. However, one needs to remember that digital signatures have a limited validity and need to be renewed from time to time.