A Digital Certificate allows you to establish
your credentials when doing business or other transactions on the Web. You can
present a Digital Certificate electronically to prove your identity or your
right to access information or services online.
Digital Certificates bind an identity to a
pair of electronic keys that can be used to encrypt and sign digital
information. A Digital Certificate makes it possible to verify someone's claim
that they have the right to use a given key, helping to prevent people from
using phony keys to impersonate other users. Used in conjunction with
encryption, Digital Certificates provide a more complete security solution,
assuring the identity of all parties involved in a transaction.
A Digital Certificate is issued by a
Certification Authority (CA) and signed with the CA's private key. A Digital
Certificate typically contains the:
- Owner's public key
- Owner's name
- Expiration date of the public key
- Name of the issuer (the CA that issued the Digital Certificate)
- Serial number of the Digital Certificate
- Digital signature of the issuer
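The binding described above, and the fields in this list, can be seen in a small added example (not part of the original page): a toy CA signs the certificate fields with its private key, and a verifier rejects a copy in which the public key has been swapped for a phony one. It uses textbook RSA on small primes and a JSON record rather than real X.509; the names `issue`, `verify`, "Example CA" and `shop.example` are assumptions made for illustration.

```python
import hashlib
import json
from datetime import date

# Toy CA key pair (textbook RSA on two Mersenne primes). Illustration only:
# real CAs use 2048-bit or larger keys with a padded signature scheme.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
CA_N = P * Q                              # CA public modulus
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent

def _digest(fields):
    """Hash every field except the signature to an integer below CA_N."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % CA_N

def issue(owner, owner_key, expires, serial, issuer="Example CA"):
    """Build a certificate record and sign it with the CA's private key."""
    fields = {"owner": owner, "public_key": owner_key, "expires": expires,
              "issuer": issuer, "serial": serial}
    return {**fields, "signature": pow(_digest(fields), CA_D, CA_N)}

def verify(cert, today, trusted_issuer="Example CA"):
    """Check issuer, CA signature and expiry using only the CA's public key."""
    fields = {k: v for k, v in cert.items() if k != "signature"}
    if cert["issuer"] != trusted_issuer:
        return "untrusted issuer"
    if pow(cert["signature"], E, CA_N) != _digest(fields):
        return "bad signature"
    if date.fromisoformat(cert["expires"]) < today:
        return "expired"
    return "ok"

# Constructed sample data: an owner's key, and a phony key swapped in later.
OWNER_KEY = [(2**31 - 1) * (2**61 - 1), 65537]
PHONY_KEY = [(2**31 - 1) * (2**89 - 1), 65537]
cert = issue("shop.example", OWNER_KEY, "2030-01-01", 1001)
forged = {**cert, "public_key": PHONY_KEY}

if __name__ == "__main__":
    print(verify(cert, date(2025, 1, 1)))
    print(verify(forged, date(2025, 1, 1)))
    print(verify(cert, date(2031, 1, 1)))
```
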
What are Digital Certificates used for?
Digital Certificates can be used for a variety
of electronic transactions including e-mail, electronic commerce, groupware and
electronic funds transfers.
For example, a customer shopping at an
electronic mall requests the Digital Certificate of the server to authenticate
the identity of the mall operator and the content provided by the merchant.
Without authenticating the server, the shopper would not trust the operator or
merchant with sensitive information like a credit card number. The Digital
Certificate is instrumental in establishing a secure channel for communicating
any sensitive information back to the mall operator.
When would you require a Digital Certificate?
If you are running a virtual mall, electronic
banking website or any other electronic services website then customers may
abandon your website due to concerns about privacy and security. A server with
its own Digital Certificate assures users that the server is run by the
organisation it claims to be affiliated with and that the content provided is
legitimate.