Digital Certificate
What is a Digital Certificate?
A digital certificate is an electronic document that binds a public key to the identity of its owner (for a web site, its host name) and is digitally signed by an issuer that vouches for that binding. It lets the other party verify who it is talking to and then set up an encrypted connection with the key the certificate carries.
How it Works
Say you start a web site and want to enable SSL/TLS. First you generate a key pair: a private key that stays on your server and must never be disclosed, and a matching public key. From this key pair you generate what is called a Certificate Signing Request, or CSR, which contains the public key and your site's name and is signed with the private key, proving that you hold it. The CSR is sent to a Certificate Authority, or CA, which checks it (in practice also checking that you control the domain) and returns a certificate signed with the CA's own key. Your server then presents this certificate to every client that connects so the client can verify your identity; the private key itself is never sent.
When you send a request to a secure web server, the server presents its certificate during the TLS handshake (the browser normally sends no certificate of its own; client certificates are used only when the server asks for one). The browser then carefully scrutinizes the certificate. It verifies that the server name in the certificate (in the Subject Alternative Name extension, historically the Common Name) matches the host name you typed. It checks that the current time falls within the certificate's validity period, so that the certificate is neither expired nor not yet valid. Finally it verifies the signature on the certificate against the Certificate Authority that issued it, following the chain of issuers up to a root CA it already trusts.

Browsers and operating systems ship with a default list of trusted root CA certificates, often called a bundle or root store. This list includes commercial CAs such as Verisign and Thawte. Having a certificate issued by one of the CAs in the default list often costs money, which isn't always desired, especially if you are running a small site. If the certificate was issued by a CA that is not in the list, or is self-signed, the browser cannot verify the site's identity and warns you that the certificate is not trusted. A name mismatch or an expired certificate produces a warning in the same way.
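The whole flow described above, as an added example that is not part of the original article: a site key and CSR, a private root CA that signs it, and the three browser-side checks (name match, validity period, trusted issuer and signature). It uses the third-party `cryptography` package; the host name `www.example.test`, the CA name `Example Root CA` and the function names are assumptions made for this illustration. Name matching here is an exact match against the Subject Alternative Name entries and does not handle wildcards.

```python
"""Added example: key -> CSR -> CA-signed certificate -> browser-style checks.
Requires the third-party `cryptography` package. All names (www.example.test,
Example Root CA) are constructed for illustration."""
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc


def make_key():
    # The private key never leaves the machine that generated it.
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_root_ca(name):
    """A self-signed root: the kind of certificate that lives in a browser's trust bundle."""
    key = make_key()
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    now = datetime.datetime.now(UTC)
    cert = (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(subject)  # issuer == subject: self-signed
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def make_csr(site_key, hostname):
    """The site's CSR: its public key plus its name, signed with the site's private key."""
    return (x509.CertificateSigningRequestBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]))
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
            .sign(site_key, hashes.SHA256()))


def ca_issue(ca_key, ca_cert, csr, days=90):
    """The CA checks the CSR's own signature, then issues a certificate signed with the CA key."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature invalid: requester does not hold the private key")
    now = datetime.datetime.now(UTC)
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName)
    return (x509.CertificateBuilder()
            .subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=days))
            .add_extension(san.value, critical=False)
            .sign(ca_key, hashes.SHA256()))


def _validity(cert):
    # cryptography >= 42 exposes tz-aware *_utc properties; older releases only naive UTC ones.
    nb = getattr(cert, "not_valid_before_utc", None)
    if nb is None:
        return cert.not_valid_before.replace(tzinfo=UTC), cert.not_valid_after.replace(tzinfo=UTC)
    return nb, cert.not_valid_after_utc


def browser_check(cert, hostname, trust_bundle, now=None):
    """The three checks from the text. Returns a list of warnings; an empty list means trusted."""
    now = now or datetime.datetime.now(UTC)
    warnings = []
    # 1. Name match: look at the SAN extension (exact match only, no wildcards here).
    try:
        names = cert.extensions.get_extension_for_class(
            x509.SubjectAlternativeName).value.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        names = []
    if hostname not in names:
        warnings.append("hostname mismatch")
    # 2. Validity period.
    not_before, not_after = _validity(cert)
    if not (not_before <= now <= not_after):
        warnings.append("expired or not yet valid")
    # 3. Issuer must be in the trust bundle and its key must verify the signature.
    issuer = next((c for c in trust_bundle if c.subject == cert.issuer), None)
    if issuer is None:
        warnings.append("issuer not trusted")
    else:
        try:
            issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                       padding.PKCS1v15(), cert.signature_hash_algorithm)
        except InvalidSignature:
            warnings.append("bad signature")
    return warnings


def demo():
    """Run the flow once and exercise each failure mode a browser would warn about."""
    ca_key, ca_cert = make_root_ca("Example Root CA")
    cert = ca_issue(ca_key, ca_cert, make_csr(make_key(), "www.example.test"))
    bundle = [ca_cert]  # this CA is "in the browser's list"
    later = datetime.datetime.now(UTC) + datetime.timedelta(days=400)
    return {
        "ok": browser_check(cert, "www.example.test", bundle),
        "wrong_name": browser_check(cert, "evil.example.test", bundle),
        "expired": browser_check(cert, "www.example.test", bundle, now=later),
        "untrusted": browser_check(cert, "www.example.test", []),  # CA not in the bundle
    }


if __name__ == "__main__":
    print(demo())
```

The `untrusted` case is exactly the small-site situation the text describes: the certificate is well formed and correctly signed, but because the issuing CA is not in the client's bundle the client has no way to verify it and must warn.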
