Digital Certificates
Explore the role digital certificates play in verifying digital identities through public-private key pairs and certificate authorities. Understand how they secure networks via authentication and code signing, and learn the importance of protecting private keys and managing certificate revocation.
Digital certificates are a way to give entities digital identities. They’re the digital equivalent of signing paper checks.
Creating a public-private key
First, a public-private key pair needs to be made to create a digital signature. There are several tools—both open source and vendor—available to do this.
Importance of the private key
The private key used to create digital certificates needs to be protected, and the keys for those certificates shouldn’t be exportable. This means the private key can’t be extracted from the certificate. If the key can be copied, it’s difficult to verify the authenticity of anything done with the key, such as authentication or code signing.
Generating a certificate request
The next step to obtain a digital certificate is to generate a certificate request, also known as a certificate signing request (CSR). The private key is used to generate the CSR and, once created, the CSR is sent to a certificate authority (CA). The CA needs to be trustworthy if we want other people, software, web browsers, and operating systems to consider any certificate it creates as valid. By default, web browsers trust a slew of certificate authorities, meaning any HTTPS website that uses a certificate signed by one of these trusted CAs is also considered trustworthy by proxy.
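The key-pair and CSR steps described above, as an added example that is not part of the original lesson. It assumes the OpenSSL command-line tool as the key-generation tool; the file names `server.key` and `server.csr` and the subject `www.example.test` are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names and the subject are constructed for illustration.

# Create an EC P-256 private key and a CSR for subject CN=$2 in directory $1.
make_key_and_csr() {
    dir=$1 cn=$2
    (
        umask 077  # the key file is created readable by its owner only
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$dir/server.key"
    ) || return 1
    # The CSR is signed with the private key but carries only the public key.
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" -out "$dir/server.csr"
}

# Verify the CSR's self-signature: proof the requester holds the private key.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeed if the CSR ($1) carries the public half of the private key ($2).
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Succeed if file $1 holds no private key material (safe to send to the CA).
no_private_key_in() {
    ! grep -q 'PRIVATE KEY' "$1"
}

# Run the whole procedure once in a throwaway directory.
workdir=$(mktemp -d)
make_key_and_csr "$workdir" "www.example.test" &&
    csr_signature_ok "$workdir/server.csr" &&
    csr_matches_key "$workdir/server.csr" "$workdir/server.key" &&
    no_private_key_in "$workdir/server.csr" &&
    echo "server.csr is ready for the CA; server.key never leaves this host"
rm -rf "$workdir"
```

Only `server.csr` is sent to the CA. The checks confirm that the request is bound to the local key without containing it.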
Note: Have a look at the list of CAs ...