Introduction on Digital Certificate
A digital certificate is a small computer file. It is used to establish a relation between both the user and his or her public key. A digital certificate contains two things, i.e. the name of the user and the phis or her public key. So that we can identify that the particular key belongs to the particular user. The information a digital certificate contains is as follows.
- Subject name
- Public key
- Serial number
- Other data like email, phone, etc
- Valid from
- Valid to
- Issuer name
Here subject name stands for the name of the user. The public key stands for the photograph and signature. The serial number stands for the number of a digital certificate. Other data contain users some personal information. Validity is used to show the validity of a particular digital certificate. The issuer’s name is the name of the person who issues a digital certificate for a user.
What is Certificate Authority?
A trusted agency that issues digital certificates is known for certificate authority. A certificate authority (CA) should be the trusted one; hence in many countries, the government decides that who should and should not be a CA. Verisign and Entrust are some of the famous certificate authorities in the world.
Contents of Digital Certificate
Below given are the contents of the Digital Certificates.
X.509 is a standard that defines the digital certificate structure. In 1998, ITU(International Telecommunication Union) came up with this standard. There are 3 versions available for X.509.
It has the following components
• Version: It is used to identify the version of X.509.
• Certificate serial number: it is a unique integer number that CA generates.
• Signature algorithm Identifier: it is used to identify the algorithm used by the CA at the time of signature.
• Issuer Name: it shows the name of the CA who issues a certificate
• Validity: It is used to show the validity of the certificate
• Subject Name: It shows the name of the user to whom the certificate belongs.
• Subject public key information: It contains the user’s public key and algorithm bused for the key.
It has two additional fields
• Issuer unique identifier: It helps to find the CA uniquely if two or more CA have used the same issuer name.
• Subject unique identifier: It helps to find the user uniquely if two or more user has used the same name.
Version 3: Version 3 contains many extensions of digital certificates.
Creation of Digital certificate
Below are the different steps to create a digital certificate:
step 1-Key Generation
In this step, a key is generated. A key can be generated using two approaches.
The user creates a private and public key pair using the software. Users must keep their private key secret. A user sends the public key with additional information to the RA. RA is an intermediate between the CA and the user.
RA generates a key pair for a user. The possibility of this approach is needed when the user is unaware of the technical and software knowledge. The disadvantage of this approach is RA can find out the private key of the user.
Step 2 – Registration
This step is required only if the user generates the pair of key. If RA generates the pair of a key for the user, then key registration is done in the 1st step only. A user sends his/her public key and some other information to the RA. This software provides a wizard where users enter details and submit. Then the data travel through the network and reach the RA. After that user request for the certificate will be registered, and the format for the certificate request has been standardized. This process is called a CSR (Certificate Signing request)
Step 3- Verification
After the registration process complete, RA identifies the user credentials.
Step 4 – Certificate Creation
After all the above-mentioned processes completed, RA passed all the details to the CA. CA cross verifies all the details and generates a digital certificate for the user. CA sends the certificate to the user and keeps one copy of that to keep the records. The Copy of the certificate is stored in the certificate directory.
Types of Digital Certificate
- Email certificate: It contains the email id of the user. This is used to identify the email message’s signer has an email id that is the same as mentioned in the user’s certificate.
2. Server-side SSL certificate: These types of a certificate are useful for the merchants because merchants want their users to trust on their side and buy good services form their site.
3. Client-side SSL certificate: a merchant uses this type of certificate to identify their clients.
4. Code Signing certificates: This type of digital Certificate allows the Software developer to encrypt the code of their software or application. After encrypting the code attacker can not change or modify that code. Code Signing Certificates ensure the highest levels of security and verification. CA of the Code Signing Certificate verifies the integrity of software and the publisher’s identity using public key infrastructure (PKI) and digital signature technology and confirms that your code has not been tampered with or corrupted.
This has been a guide for Digital Certificate. Here we have discussed digital certificates, contents of Digital certificate, and how it is created and its types. You may also have a look at the following articles to learn more.