What is a digital certificate? (2024)

By

  • Mary E. Shacklett, Transworld Data
  • Peter Loshin, Former Senior Technology Editor

What is a digital certificate?

A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it. Digital certificates are for sharing public keys to be used for encryption and authentication.

Digital certificates include the public key being certified, identifying information about the entity that owns the public key, metadata relating to the digital certificate and a digital signature over the public key, created by the certificate issuer.

The distribution, authentication and revocation of digital certificates are the primary functions of the public key infrastructure (PKI), the system that distributes and authenticates public keys.

Public key cryptography depends on key pairs: one private key to be held by the owner and used for signing and decrypting and one public key that can be used for encrypting data sent to the public key owner or authenticating the certificate holder's signed data. The digital certificate enables entities to share their public key so it can be authenticated.

Digital certificates are used in public key cryptography functions most commonly for initializing Secure Sockets Layer (SSL) connections between web browsers and web servers. Digital certificates are also used for sharing keys used for public key encryption and authentication of digital signatures.

All major web browsers and web servers use digital certificates to provide assurance that unauthorized actors have not modified published content and to share keys for encrypting and decrypting web content. Digital certificates are also used in other contexts, online and offline, for providing cryptographic assurance and data privacy.

Digital certificates that are supported by mobile operating environments, laptops, tablet computers, internet of things (IoT) devices, and networking and software applications help protect websites, wireless networks and virtual private networks.

How are digital certificates used?

Digital certificates are used in the following ways:

  • Credit and debit cards use chip-embedded digital certificates that connect with merchants and banks to ensure that the transactions performed are secure and authentic.
  • Digital payment companies use digital certificates to authenticate their automated teller machines, kiosks and point-of-sale equipment in the field with a central server in their data center.
  • Websites use digital certificates for domain validation to show they are trusted and authentic.
  • Digital certificates are used in secure email to identify one user to another and may also be used for electronic document signing. The sender digitally signs the email, and the recipient verifies the signature.
  • Computer hardware manufacturers embed digital certificates into cable modems to help prevent the theft of broadband service through device cloning.

As cyberthreats increase, more companies are considering attaching digital certificates to all of the IoT devices that operate at the edge and within their enterprises. The goals are to prevent cyberthreats and protect intellectual property.

Who can issue a digital certificate?

An entity can create its own PKI and issue its own digital certificates, creating a self-signed certificate. This approach might be reasonable when an organization maintains its own PKI to issue certificates for its own internal use. But certificate authorities (CAs) -- considered trusted third parties in the context of a PKI -- issue most digital certificates. Using a trusted third party to issue digital certificates enables individuals to extend their trust in the CA to the digital certificates it issues.

Digital certificates vs. digital signatures

Public key cryptography supports several different functions, including encryption and authentication, and enables a digital signature. Digital signatures are generated using algorithms for signing data so a recipient can irrefutably confirm the data was signed by a particular public key holder.

Digital signatures are generated by hashing the data to be signed with a one-way cryptographic hash; the result is then encrypted with the signer's private key. The digital signature incorporates this encrypted hash, which can only be authenticated, or verified, by using the sender's public key to decrypt the digital signature and then running the same one-way hashing algorithm on the content that was signed. The two hashes are then compared. If they match, it proves that the data was unchanged from when it was signed and that the sender is the owner of the public key pair used to sign it.

A digital signature can depend on the distribution of a public key in the form of a digital certificate, but it is not mandatory that the public key be transmitted in that form. However, digital certificates are signed digitally, and they should not be trusted unless the signature can be verified.
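The hash, sign and compare procedure described above, and the rule that a certificate's public key is trusted only after the issuer's signature on the certificate verifies, are shown in the following added example (not part of the original article). It uses textbook RSA with constructed toy keys; the names, the dictionary-based certificate and the `.test` domain are assumptions, and real signature schemes add padding and use a vetted library.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    """One-way hash of the data, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)  # hash transformed with the private key

def verify(data, signature, public):
    n, e = public
    # Recover the signed hash with the public key, compare with a fresh hash.
    return pow(signature, e, n) == digest(data, n)

def tbs(cert):
    """Bytes covered by the issuer's signature (every field but the signature)."""
    return repr(sorted((k, v) for k, v in cert.items() if k != "signature")).encode()

def issue(subject, subject_public, issuer, issuer_private):
    cert = {"subject": subject, "public_key": subject_public, "issuer": issuer}
    cert["signature"] = sign(tbs(cert), issuer_private)
    return cert

def verify_signed_message(message, signature, cert, trusted_ca_public):
    """Use the key in the certificate only if the CA's signature on it verifies."""
    if not verify(tbs(cert), cert["signature"], trusted_ca_public):
        return "certificate rejected"
    if not verify(message, signature, cert["public_key"]):
        return "message signature invalid"
    return "ok: signed by " + cert["subject"]

# Constructed toy keys built from Mersenne primes; far too weak for real use.
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**107 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**89 - 1, 2**61 - 1)
ROGUE_PUB, ROGUE_PRIV = make_keypair(2**61 - 1, 2**31 - 1)
CERT = issue("www.example.test", SRV_PUB, "Example Test CA", CA_PRIV)
MSG = b"hello from the server"
SIG = sign(MSG, SRV_PRIV)

def demo():
    swapped = dict(CERT, public_key=ROGUE_PUB)  # certificate altered after issuance
    return [
        verify_signed_message(MSG, SIG, CERT, CA_PUB),         # untouched
        verify_signed_message(MSG + b"!", SIG, CERT, CA_PUB),  # data modified
        verify_signed_message(MSG, sign(MSG, ROGUE_PRIV), swapped, CA_PUB),
    ]
```

The third case is the one the certificate exists to catch: the message signature is valid under the substituted key, but the issuer's signature no longer covers the altered certificate, so the key is never used.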

What are the different types of digital certificates?

Web servers and web browsers use three types of digital certificates to authenticate over the internet. These digital certificates are used to link a web server for a domain to the individual or organization that owns the domain. They are usually referred to as SSL certificates even though the Transport Layer Security protocol has superseded SSL. The three types are the following:

  1. Domain-validated (DV) SSL certificates offer the least amount of assurance about the holder of the certificate. Applicants for DV SSL certificates need only demonstrate that they have the right to use the domain name. While these certificates can ensure the certificate holder is sending and receiving data, they provide no guarantees about who that entity is.
  2. Organization-validated (OV) SSL certificates provide additional assurances about the certificate holder. They confirm that the applicant has the right to use the domain. OV SSL certificate applicants also undergo additional confirmation of their ownership of the domain.
  3. Extended validation (EV) SSL certificates are issued only after the applicant proves their identity to the CA's satisfaction. The vetting process verifies the existence of the entity applying for the certificate, ensures that identity matches official records and is authorized to use the domain, and confirms that the domain owner has authorized issuance of the certificate.

The exact methods and criteria CAs follow to provide these types of SSL certificates for web domains are evolving as the CA industry adapts to new conditions and applications.

There are also other types of digital certificates used for different purposes:

  • Code signing certificates may be issued to organizations or individuals who publish software. These certificates are used to share public keys that sign software code, including patches and software updates. Code signing certificates certify the authenticity of the signed code.
  • Client certificates, also called digital IDs, are issued to individuals to bind their identity to the public key in the certificate. Individuals can use these certificates to digitally sign messages or other data. They can also use their private keys to encrypt data that recipients can decrypt using the public key in the client certificate.

Digital certificate benefits

Digital certificates provide the following benefits:

  • Privacy. When you encrypt communications, digital certificates safeguard sensitive data and prevent the information from being seen by those unauthorized to view it. This technology protects companies and individuals with large troves of sensitive data.
  • Ease of use. The digital certification process is largely automated.
  • Cost effectiveness. Compared to other forms of encryption and certification, digital certificates are cheaper. Most digital certificates cost less than $100 annually.
  • Flexibility. Digital certificates do not have to be purchased from a CA. For organizations that are interested in creating and maintaining their own internal pool of digital certificates, a do-it-yourself approach to digital certificate creation is feasible.

Digital certificate limitations

Some limitations of digital certificates include the following:

  • Security. Like any other security deterrent, digital certificates can be hacked. The most logical way for a mass hack to occur is if the issuing digital CA is hacked. This gives bad actors an on-ramp into penetrating the repository of digital certificates the authority hosts.
  • Slow performance. It takes time to authenticate digital certificates and to encrypt and decrypt. The wait time can be frustrating.
  • Integration. Digital certificates are not standalone technology. To be effective, they must be properly integrated with systems, data, applications, networks and hardware. This is no small task.
  • Management. The more digital certificates a company uses, the greater the need to manage them and to track which ones are expiring and need to be renewed. Third parties can provide these services, or companies can opt to do the job themselves. But it can be expensive.

This was last updated in September 2021

FAQs

What does a digital certificate do?

A digital certificate is a file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI). Digital certificate authentication helps organizations ensure that only trusted devices and users can connect to their networks.

How do you obtain a digital certificate?

Digital certificates are issued by Certificate Authorities, also called Trust Service Providers. Once a Trust Service Provider issues a digital certificate, it can be stored on a smart card, USB drive, local computer, mobile phone, or in the cloud.

Who gives out digital certificates?

Digital certificates are typically issued by a certificate authority (CA), which is a trusted third-party entity that issues digital certificates for use by other parties.

Can you print a digital certificate?

In most cases, the downloads will be saved under Downloads on your computer. Your digital certificate will display in the same format as below. Please note the certificate can be printed anytime and if we make changes to the format, they will be available immediately.

Are digital certificates expensive?

On average, a Secure Sockets Layer (SSL) certificate costs around $60/year. However, the price can vary from $8 to $1000/year, depending on various factors, such as the number of domains one can protect, the validation process, the warranty, or the certificate authority itself.

What is the most common digital certificate?

Transport Layer Security/Secure Socket Layer (TLS/SSL) Certificates. TLS/SSL certificates are vital for securing online transactions by encrypting data between web browsers and servers. This encryption protects sensitive information like passwords and credit card numbers from being intercepted.

How do I access my digital certificate?

After registering your identity, you will receive an email with the same application code and a link to download your Digital Certificate. On the website accessed through the link, input your NIE, name and the code, and then accept again the privacy policy.

Who is responsible for issuing digital certificates?

Certificate Authorities are trusted third parties responsible for issuing and managing digital certificates. Their responsibilities include: Verifying the identity of certificate applicants.

What can a digital certificate not be used for?

A digital certificate does not verify the authenticity of a CA; rather, a CA verifies the authenticity of a user.

What is an example of a digital certificate?

For example, digital certificates (SSL certificates) are often used to authenticate a website to a web browser. The certificate contains identifiable information like an IP address, username, or serial number; a copy of the public key; the certificate authority's name; and a digital signature.

What is the difference between a certificate and a digital certificate?

Digital certificates are easily shareable, updatable, and can be verified electronically. On the other hand, a traditional certificate is a physical document printed on paper. Its verification relies on visual inspection or manual checks of security features such as holograms or watermarks.

How effective are digital certificates?

Digital certificates are one of the most robust means of verifying identities that IT teams have in their arsenal. But as the number of network endpoints expands, it can become increasingly difficult to manage them efficiently and securely.

What is a digital signature certificate and how does it work?

Digital signatures work by proving that a digital message or document was not modified—intentionally or unintentionally—from the time it was signed. Digital signatures do this by generating a unique hash of the message or document and encrypting it using the sender's private key.

What is the difference between a digital credential and a certificate?

Digital credentials are essentially online versions of certificates. Just like physical documents, digital credentials verify and serve as an authentic proof of achievements and skills.

Article information

Author: Pres. Lawanda Wiegand
