Digital Certificates

Learn about the importance of digital certificates in providing credibility to various entities, including how to create them and their properties.

Digital certificates are a way to give entities digital identities. It’s the digital equivalent of signing paper checks.

Creating a public-private key

First, a public-private key pair needs to be made to create a digital signature. There are several tools—both open source and vendor—available to do this.

Importance of the private key

The private key used to create digital certificates needs to be protected, and the keys for those certificates shouldn’t be exportable. This means the private key can’t be extracted from the certificate. If the key can be copied, it’s difficult to verify the authenticity of anything done with the key, such as authentication or code signing.

Generating a certificate request

The next step to obtain a digital certificate is to generate a certificate request, also known as a certificate signing request (CSR). The private key is used to generate a CSR and once created, it’s sent to a certificate authority (CA). The CA needs to be trustworthy if we want other people, software, web browsers, and operating systems to consider any certificate it creates as valid. By default, web browsers trust a slew of certificate authorities, meaning any HTTPS website that uses a certificate signed by one of these trusted CA’s is also considered trustworthy by proxy.

Note: Have a look at the list of CA’s that your web browser trusts by going to the browser settings. You might be surprised at some of the CA’s that are trusted by default.

Get hands-on with 1400+ tech skills courses.