Certify the certificate with your… certificate? (And faith I guess)

--Originally published at Computer and Information Security

Just as people in the real world require a way to identify themselves, like a passport or a driving license, organizations and computers need a digital certificate in order to exchange information securely over the internet.

A digital certificate must provide information to identify the owner and it must be issued by a trusted and official entity.

A certificate must contain this information:

  • The name of the entity that is being certified (That’s you in your driving license).
  • A serial number.
  • An expiration date.
  • The certificate holder’s public key (Used for encryption and digital signatures).
  • The digital signature of the entity that is issuing this certificate.

Since these certificates contain the digital signature of a trusted authority, operating systems and browsers keep lists of the trusted authorities’ certificates in order to verify the authenticity of the certificates they are presented with.
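
An added example, not from the original post: a toy model in Python of the certificate fields listed above and of the check a browser or operating system runs against its list of trusted authorities. It assumes textbook RSA with small primes and a simplified field encoding (not real X.509, not secure), and every name and value in it is constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import date

E = 65537  # public exponent used by every toy key here

def make_key(p: int, q: int):
    """Toy RSA key from two primes: (public modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced so it fits under the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class Certificate:
    subject: str        # name of the entity being certified
    serial: int         # serial number
    expires: date       # expiration date
    public_key: int     # certificate holder's public key (toy RSA modulus)
    issuer: str         # name of the issuing authority
    signature: int = 0  # issuer's digital signature over the fields above

    def signed_fields(self) -> bytes:
        return "|".join(map(str, (self.subject, self.serial, self.expires,
                                  self.public_key, self.issuer))).encode()

def issue(cert: Certificate, ca_n: int, ca_d: int) -> Certificate:
    """The authority signs the certificate fields with its private key."""
    cert.signature = pow(digest(cert.signed_fields(), ca_n), ca_d, ca_n)
    return cert

def verify(cert: Certificate, trust_store: dict, today: date) -> str:
    """What a browser or OS does with its list of trusted authorities."""
    ca_n = trust_store.get(cert.issuer)
    if ca_n is None:
        return "untrusted issuer"
    if pow(cert.signature, E, ca_n) != digest(cert.signed_fields(), ca_n):
        return "bad signature"
    if today > cert.expires:
        return "expired"
    return "ok"

# Constructed sample data: a made-up authority and a made-up site.
CA_N, CA_D = make_key(2**61 - 1, 2**89 - 1)   # two Mersenne primes
TRUST_STORE = {"Example Root CA": CA_N}        # the browser's trusted list
CERT = issue(Certificate("www.example.test", 1001, date(2030, 1, 1),
                         (2**31 - 1) * (2**61 - 1), "Example Root CA"),
             CA_N, CA_D)

if __name__ == "__main__":
    print(verify(CERT, TRUST_STORE, date(2025, 1, 1)))
```

Changing any signed field after issuance, presenting the certificate after its expiration date, or removing the issuer from the trusted list each makes `verify` return a different failure reason.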

There are 4 types of digital certificates:

  • Personal Certificates.
  • Server Certificates.
  • Software Publisher Certificates.
  • Certificate Authority Certificates.