A digital certificate is an electronic proof of authenticity issued by a certification authority. On the Internet, certificates bind a public key to the identity of its owner; this binding is what allows encrypted connections such as HTTPS to be trusted.
What is a digital certificate?
A digital certificate is an electronic proof of authenticity issued by a certification authority (CA). On the Internet, a certificate plays a role comparable to that of an ID card in the offline world: it securely assigns a public key to a specific owner. The certificate contains, among other things, the name of the owner, the name of the issuer, the validity period and the permitted uses of the certificate.
Together with the public key infrastructure (PKI), certificates make it possible to transmit information securely and in encrypted form over the Internet. The encryption is based on asymmetric cryptography with private and public keys; the certificate reliably confirms to whom a public key belongs, so that a session key is negotiated with the intended party rather than with an impostor. Browsers and operating systems keep a list of trusted certification authorities (root certificates). If a certificate was issued by such a CA, or chains to one through intermediate certificates, and it is also within its validity period, has not been revoked and was issued for the name being contacted, the computer considers it genuine. The ITU-T recommendation X.509 v3 regulates the format and content of digital certificates.
The possible uses of digital certificates
In the IT environment, certificates can be found in many areas. They are used where the identity of a communication partner or the source of information must be clearly established. Common areas of application are:
- Encrypted connections between a web browser and a web server via HTTPS (Hypertext Transfer Protocol Secure)
- Encryption and signing of e-mails
- Signing of digital documents
- Signing of software and updates
- Establishment of VPN connections (Virtual Private Network)
The content of a certificate
The X.509 standard specifies what content a certificate must contain and in what form. Some fields are mandatory and some are optional. X.509 certificates are used, for example, to authenticate web servers in HTTPS connections or to sign and encrypt e-mails with the S/MIME standard. Important information in an X.509 certificate includes:
- Version number
- Serial number
- Algorithm with which the CA signed it (for example RSA or ECDSA with SHA-256)
- Name of the issuer
- Name of the holder
- Validity period
- The holder's public key and the algorithm it belongs to
- Information about the intended use of the certificate (in X.509 v3 expressed as extensions such as key usage, extended key usage and basic constraints)
- Digital signature of the Certification Authority
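The following is an added example and not part of the original article. Using the openssl command line it builds a small throwaway PKI (a self-signed CA, a second CA that the client does not trust, and a server certificate issued by the first CA), prints the decoded certificate so that the fields listed above can be seen in a real file, and then makes the trust decision described earlier: verification succeeds only against the issuing CA, only while the certificate is valid and allowed for TLS server use, and only for the host name it was issued to. All names (Example Root CA, Some Other CA, www.example.test, the file names) are made up for this demonstration, and it assumes OpenSSL 1.1.0 or newer on the PATH.

```shell
#!/bin/sh
# Added example (not from the original article). Builds a throwaway PKI with
# the openssl CLI and shows the trust decision a client makes.
# Assumed: OpenSSL 1.1.0+ on PATH. "Example Root CA", "Some Other CA" and
# www.example.test are made-up names.

# make_ca DIR BASE CN: self-signed CA certificate DIR/BASE.crt, key DIR/BASE.key.
# basicConstraints/keyUsage mark the certificate as a CA whose key may sign
# other certificates and CRLs (the "intended use" in the field list above).
make_ca() {
    local dir base cn
    dir=$1; base=$2; cn=$3
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/$base.key" 2>/dev/null
    openssl req -new -key "$dir/$base.key" -subj "/CN=$cn" \
        -out "$dir/$base.csr" 2>/dev/null
    printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' \
        'subjectKeyIdentifier=hash' >"$dir/$base.ext"
    openssl x509 -req -in "$dir/$base.csr" -signkey "$dir/$base.key" -days 3650 \
        -extfile "$dir/$base.ext" -out "$dir/$base.crt" 2>/dev/null
}

# issue_leaf DIR CA_BASE LEAF_BASE HOST: the applicant generates a key pair
# and a certificate signing request; the CA signs it. The extensions restrict
# the result to TLS server use and bind it to HOST via subjectAltName.
issue_leaf() {
    local dir ca leaf host
    dir=$1; ca=$2; leaf=$3; host=$4
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/$leaf.key" 2>/dev/null
    openssl req -new -key "$dir/$leaf.key" -subj "/CN=$host" \
        -out "$dir/$leaf.csr" 2>/dev/null
    printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
        'keyUsage=critical,digitalSignature' 'extendedKeyUsage=serverAuth' \
        "subjectAltName=DNS:$host" >"$dir/$leaf.ext"
    openssl x509 -req -in "$dir/$leaf.csr" -CA "$dir/$ca.crt" -CAkey "$dir/$ca.key" \
        -CAcreateserial -days 90 -extfile "$dir/$leaf.ext" \
        -out "$dir/$leaf.crt" 2>/dev/null
}

# cert_text CERT: decoded certificate. The output shows the article's list:
# Version, Serial Number, Signature Algorithm, Issuer, Validity, Subject,
# Subject Public Key Info, X509v3 extensions and the CA's signature value.
cert_text() { openssl x509 -in "$1" -noout -text; }

# verify_chain CA_FILE CERT [HOST]: the client-side decision. CERT must chain
# to a CA in CA_FILE (our "list of trusted certification authorities"), be
# inside its validity period, be allowed for TLS server use and, if HOST is
# given, be issued for that name. The default CA file and directory are
# switched off so that only CA_FILE counts. Returns 0 if accepted.
verify_chain() {
    local ca cert host
    ca=$1; cert=$2; host=${3:-}
    if [ -n "$host" ]; then set -- -verify_hostname "$host"; else set --; fi
    if openssl verify -CAfile "$ca" -no-CAfile -no-CApath -purpose sslserver \
        "$@" "$cert" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

main() {
    local work
    work=$(mktemp -d)
    make_ca "$work" ca "Example Root CA"
    make_ca "$work" other-ca "Some Other CA"      # a CA the client does not trust
    issue_leaf "$work" ca leaf www.example.test

    echo "== decoded server certificate =="
    cert_text "$work/leaf.crt"

    echo "== trust decisions (0 = accepted) =="
    verify_chain "$work/ca.crt" "$work/leaf.crt" www.example.test
    echo "trusted CA, correct host name: $?"
    verify_chain "$work/ca.crt" "$work/leaf.crt" evil.example.test
    echo "trusted CA, wrong host name:   $?"
    verify_chain "$work/other-ca.crt" "$work/leaf.crt" www.example.test
    echo "certificate from untrusted CA: $?"
    rm -rf "$work"
}
main
```

The decoded output of `cert_text` is worth reading line by line against the field list above: the CA's signature at the bottom is what `verify_chain` checks with the CA's public key, and the X509v3 extensions (CA:FALSE, digitalSignature, serverAuth, the DNS name) are what turns a mere "the signature is valid" into "this key may be used by this server for TLS".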
The role of certification authorities
Certification authorities, also called certificate authorities (CA) or trust centers, play a central role in the public key infrastructure. They check the details and the identity of an applicant and issue the certificate if the details are correct. They can also publish the certificates and store them in public directories.
Further tasks of a CA include maintaining and publishing certificate revocation lists (CRLs), through which a certificate can be withdrawn before its validity period ends, and logging all of its certification activities. In Germany, certification authorities are subject to the legal framework and requirements of the German Trust Services Act (Vertrauensdienstegesetz, VDG). It replaced the Signature Act (SigG) and places certificate issuers under the supervision of the German Federal Network Agency (Bundesnetzagentur). There are special requirements and security specifications for the data centers of certification authorities.