What is a digital certificate?


A digital certificate is a credential that identifies the holder of the certificate. In a physical context, it could be the identification card that a customer may need to produce to prove his identity. Such a card carries the useful details as well as the identity of its issuer. The recipient frequently attaches different levels of trust to the credential, depending on who the issuer is. A card obtained from a video club is never as credible as a driving license. A digital certificate is an electronic credential that is issued by a certificate authority (CA) to prove the identity of the holder. The other party to the communication trusts the holder of the certificate and has confidence in the integrity of the information because he trusts the issuing certificate authority.



For secure online communication, we need a pair of encryption keys, one of which is called the private key and the other the public key. A digital certificate is the wrapper for the public key that parties to a communication obtain from a certificate authority. Once the certificate is installed and secure communication is required, public keys are forwarded to the counterparts. In addition to the public key, the certificate includes information about the encryption algorithm (RSA is generally used) that should be used in conjunction with the key, the key length, the issuing certificate authority, the issue and expiry dates, etc.


An applicant applies to the authority for the certificate. Ideally, the credentials and integrity of the applicant should be verified by the authority before the certificate is issued. However, another piece of information that a certificate may include is the level of trust in the certificate, or class of certificate. This depends on the rigour of verification, which can vary from simply issuing the certificate upon application to demanding the physical presence of the applicant or his representative, with the relevant credentials for examination, before the certificate is issued. The digital certificate is forwarded to the applicant online in a secure manner. The certificate is encrypted by the authority using the authority's private key and forwarded to the applicant along with the authority's public key. The applicant decrypts the certificate using the authority's public key and installs it on his computer. The fact that the certificate decrypts with the authority's public key proves that it has come from the trusted authority.
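
The issue-and-verify step described above, as an added example that is not part of the original article: in X.509 practice the CA's private-key operation is a digital signature over a hash of the certificate contents, which the holder or any relying party checks with the CA's public key. The toy textbook-RSA key pair, the names and the field layout are constructed assumptions for illustration.

```python
import hashlib
import json

# Constructed toy CA key pair (textbook RSA, no padding): illustration only,
# never a real key. P and Q are two known Mersenne primes.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537                   # CA public key (modulus, exponent)
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))     # CA private exponent


def _digest(fields):
    """SHA-256 over a canonical JSON encoding of the certificate fields."""
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue_certificate(subject, subject_public_key, not_before, not_after):
    """CA side: bind subject to public key, sign with the CA private key."""
    fields = {
        "subject": subject,
        "public_key": subject_public_key,
        "algorithm": "RSA",
        "issuer": "Example CA",             # hypothetical CA name
        "not_before": not_before,           # ISO dates compare as strings
        "not_after": not_after,
    }
    return {"fields": fields, "signature": pow(_digest(fields), CA_D, CA_N)}


def verify_certificate(cert, today, ca_public=(CA_N, CA_E)):
    """Relying-party side: check the CA signature, then the validity period."""
    n, e = ca_public
    if pow(cert["signature"], e, n) != _digest(cert["fields"]):
        return "bad signature"
    f = cert["fields"]
    if not (f["not_before"] <= today <= f["not_after"]):
        return "outside validity period"
    return "valid"


# Constructed sample: a genuine certificate and a copy with an altered subject.
cert = issue_certificate("shop.example", "constructed-public-key",
                         "2024-01-01", "2025-01-01")
altered = {"fields": dict(cert["fields"], subject="other.example"),
           "signature": cert["signature"]}
```

Changing any field after issuance changes the digest, so the altered copy no longer matches the value recovered with the CA's public key.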


In the context of online commerce, certificates enable trusted communication and resolve the issue of trust in a network environment. Network security is a major requirement of electronic commerce, to the extent that customer trust is treated as a commodity and one that is vital for the success of online business.


