Show Introduction to Digital CertificateThe following article provides an outline for Digital Certificate Types. Digital certificate types ensure the integrity of the data exchanged, be it between clients with servers or one client with another client or software seller with consumers. It resolves the privacy issues prevailing in internet communication ever since its inception and allows sender and receiver to transact in private mode in the public domain. It helps in identifying the entities involved in the data exchange and develops trust between the communicating parties. It provides a central mechanism of generating all types of certificates and consume them in authenticating the identity and ensuring no interception of data during the exchange. It doesn’t require a costly infrastructure to maintain certificate setup. Digital certificates are issued to an entity. Entity may be an individual or Organisation or Institution or Public company. It is administered by a separate agency known as Certificate Authority. Important attributes of the entity are embedded into the certificates along with the public key of the entity. The attribute includes name, location, and other personal information. A digital certificate is shared with the receiver of the communication who will authenticate it and get assured that the information had come from the right person. Digital certificates address the security gap in communication through digital signatures with the authentication and verification processes. Types of Digital CertificatesThere are three major types of Digital Certificates:
1. SSL/TLS CertificateIt is a server-based certificate and the server could be a mail server or application server or a web server or a file server or LDAP server. It ensures the data exchange between server and client takes place in a private and encrypted way. a. What is TLS/SSL?
b. TLS Certificate A typical TLS certificate contains Name of the applicant (Web Domain name, Server Name), Organisation name to which the server belong, Certificate Issuing authority’s name (CA), Additional information on the server, Date of issue/expiry, Public key of the applicant and the digital signature of the issuing Authority. c. How it works? Server sends its TLS certificate to the client whenever the client establishes a connection with it. Client,
With the above three methods client can feel reassured, trust the server and start safely and securely communicating with the server. d. Lacunae in TLS Though TLS certificates are considered to be safe, it has got few potential vulnerabilities as listed below to get compromised:
2. Code Signing Certificatea. What is it? While the TLS certificate is for establishing safe connectivity between servers and clients, this code signing certificate is used while downloading software or specific files from its source using the internet. The developer of the software or the publisher of the file will sign the certificates. b. Purpose
c. Who issues it? Certificate Authorities like IdenTrust, GlobalSign issue this certificate. The private key of the developer or software publisher is used to sign the code files and the consumer uses the public key of the developer to verify the publisher’s identity. d. Signing
3. Client Certificate
Conclusion – Digital Certificate TypesUsage of the internet is on the increase and we have to rely on it more to complete our day-to-day activities. Various types of Digital certificates provide security layers for all the use cases and protect our data from hackers. Recommended ArticlesThis is a guide to Digital Certificate Types. Here we discuss the introduction and types of digital certificates respectively. You may also have a look at the following articles to learn more – There are three types of SSL Certificate available today; Extended Validation (EV SSL), Organization Validated (OV SSL) and Domain Validated (DV SSL). The encryption levels are the same for each certificate, what differs is the vetting and verification processes needed to obtain the certificate. Over the last few years the number of organizations using SSL Certificates has increased dramatically. The applications for which SSL is being used have also expanded. For example:
With encryption, you are able to hide communications from a hacker but you cannot stop them from intercepting communications and posing as your website to steal information from your customers. As people move away from brick and mortar stores and increase their online shopping and banking habits, consumers have to be able to trust they are visiting the true website of the store they are shopping on. This is more difficult to prove online. You can prove your identity by having an external third-party (like GlobalSign) vet your personal and company information. Based on this verification or vetting procedure, SSL Certificates can be broken down into three categories. Extended Validation (EV SSL) CertificatesWith an EV SSL, the Certificate Authority (CA) checks the right of the applicant to use a specific domain name plus, it conducts a thorough vetting of the organization. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007. All the steps required for a CA before issuing a certificate are specified here including:
The latest, and possibly most significant, advancement in SSL technology since its initial inception follows the standardized Extended Validation guidelines. New high security browsers such as Microsoft Internet Explorer 7+, Opera 9.5+, Firefox 3+, Google Chrome, Apple Safari 3.2+ and iPhone Safari 3.0+ identify Extended SSL Certificates and activate the browser interface security enhancements. For customers who wish to assert the highest levels of authenticity, this is the ideal solution. EV SSL Certificates are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. A second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV SSL Certificates. The audits are repeated yearly to ensure the integrity of the issuance process. Organization Validated (OV SSL) CertificatesThe CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust. Organization name also appears in the certificate under the ON field. Domain Validated (DV SSL) CertificatesThe CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal. While you can be sure that your information is encrypted, you cannot be sure who is truly at the receiving end of that information. DV SSL Certificates are fully supported and share the same browser recognition with OV SSL, but come with the advantage of being issued almost immediately and without the need to submit company paperwork. This makes DV SSL ideal for businesses needing a low cost SSL quickly and without the effort of submitting company documents.
|