Understanding Digital Certificates

Digital certificates are often used by the web browsers to transfer information in a safer way over the Internet. Apple Safari also makes use of digital certificates, if issued. A digital certificate represents your digital entity and the information associated with that entity. The associated information may include your name, address, contact number, business details or anything else.

A digital certificate is made up of three components. The first one is the public key that is used to decrypt the information. The second component is the identity of the organisation that signs the digital certificate and validates its authenticity. Such organisational identity is technically known as Certificate Authority or CA. The last component of the digital certificate is the actual information that the CA associates with your digital entity.

Usually a digital certificate is restricted for particular use such as digital signatures, encryption, use with web servers etc. The process of restricting the certificates for a specific purpose is called ‘key use restriction’. This is done so that a particular type of certificate cannot be used for any other task. If someone attempts to use a restricted certificate for any unassigned task then the attempt will simply fail. However, it is possible to use a single certificate for different purposes but it is not recommended as this liquidates the security. Obviously these type of security measures are especially helpful for ecommerce sites selling things like furniture, TVs, game consoles, washings machines etc., since valuable credit card information will be exchanged to purchase items from the site. Time constraints are also imposed on the digital certificates. A certificate remains active only for a limited time period and beyond that it gets expired and needs to be replaced with a new one.