How Do Digital Certificates Work? (Tom Holleman)

Obtaining a Certificate

An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA gathers information about the individual and/or the company they work for in order to authenticate their identity. If the applicant checks out, the CA issues them two keys: one public (available to all other users) and the other private (known only to the user). These keys contain a variety of identification information about the user, the CA, and the certificate itself. The CA makes its own public key readily available through print publicity or perhaps on the Internet.

Of course, the customer is charged by the CA for these services.

Using a Certificate

The sender encrypts the messages/documents with his/her private key. The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

Certificate Expiration and Revocation

Digital certificates are always issued with an expiration date, after which they are no longer functional, unless renewed. A common term is one year.

If a certificate's life needs to be ended before the expiration date, it can be revoked. Examples of why this may be necessary include a terminated employee, a stolen certificate, or a stolen computer with the certificate on it.
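
The recipient-side checks described under "Using a Certificate" and "Certificate Expiration and Revocation", as an added example that is not part of the original page: verify the CA's signature on the certificate, check expiry and revocation, then use the sender's public key from the certificate to check the message. The sender's private-key operation is shown as a signature; the toy textbook-RSA keys (insecure, for illustration only), the certificate field names, "Example CA", the sample address and all function names are assumptions.

```python
import hashlib
from datetime import date

E = 65537  # public exponent used by both toy keys

def keypair(p, q):
    """Toy textbook RSA (illustration only, not secure): returns (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):        # private-key operation
    return pow(digest(data, n), d, n)

def verify(data, sig, n):    # public-key operation
    return pow(sig, E, n) == digest(data, n)

# Constructed keys from Mersenne primes; real keys use large random primes.
CA_N, CA_D = keypair(2**107 - 1, 2**127 - 1)
SENDER_N, SENDER_D = keypair(2**61 - 1, 2**89 - 1)

FIELDS = ("serial", "subject", "issuer", "not_after", "public_key")
def signed_part(cert):
    """Bytes covered by the CA's signature: every field except the signature."""
    return "|".join(str(cert[f]) for f in FIELDS).encode()

def issue(serial, subject, public_key, not_after):
    cert = dict(serial=serial, subject=subject, issuer="Example CA",
                not_after=not_after, public_key=public_key)
    cert["signature"] = sign(signed_part(cert), CA_N, CA_D)
    return cert

def check_message(message, msg_sig, cert, today, revoked_serials):
    """Recipient-side checks; only the CA's public key (CA_N, E) is trusted."""
    if not verify(signed_part(cert), cert["signature"], CA_N):
        return "reject: certificate not signed by the CA"
    if today > cert["not_after"]:
        return "reject: certificate expired"
    if cert["serial"] in revoked_serials:
        return "reject: certificate revoked"
    if not verify(message, msg_sig, cert["public_key"]):
        return "reject: message signature invalid"
    return "accept: signed by " + cert["subject"]

# Constructed sample certificate and message.
CERT = issue(1001, "alice@example.com", SENDER_N, date(2025, 12, 31))
MSG = b"quarterly report attached"
MSG_SIG = sign(MSG, SENDER_N, SENDER_D)
```

Because the expiration date and public key are inside the signed part, changing either one in a certificate makes the CA signature check fail.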

 

 