Enrolling for a Digital Certificate


Users may enroll for a Digital Certificate via the Web. Upon completion of the necessary forms, the user's Internet browser will create a Public/Private Key Pair. The Public half of the key pair is then sent to the CA along with all other data to appear in the Digital Certificate, while the Private Key is secured on the user's chosen storage medium (hard disk, floppy, hardware token, etc.).

The CA must verify the submitted data before binding the identification data to the submitted Public Key. This prevents an impostor from obtaining a Certificate that binds his Public Key to someone else's identity and then conducting fraudulent transactions using that identity.

If the submitted data is in good order, the CA will issue a Digital Certificate to the applicant named in the submitted information. Upon issuance, the CA will enter the Digital Certificate into a public repository.

Distributing Digital Certificates

As well as being available in public repositories, Digital Certificates may also be distributed through the use of Digital Signatures. For example, when Alice digitally signs a message for Bob, she also attaches her Certificate to the outgoing message. Upon receiving the signed message, Bob can therefore verify the validity of Alice's Certificate. If it is successfully verified, Bob now has Alice's Public Key and can verify the validity of the original message signed by Alice.
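The enrollment, issuance and distribution steps described above, as an added example that is not part of the original page: Ruby with its standard `openssl` library, where the names (Demo CA, Alice), the message and the helper names (`enroll`, `issue`, `bob_accepts?`, `demo`) are all constructed for illustration. It also shows Bob rejecting an impostor's certificate that carries Alice's name but was not signed by the CA.

```ruby
require 'openssl'

# Applicant: key pair is made locally; only the public half goes in the request.
def enroll(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new('SHA256')) # proves possession of the private key
  [key, csr.to_pem]
end

# CA: reject a request not signed by the key it carries, then bind subject to key.
def issue(csr_pem, ca_cert, ca_key, serial)
  csr = OpenSSL::X509::Request.new(csr_pem)
  raise ArgumentError, 'bad CSR signature' unless csr.verify(csr.public_key)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = serial
  cert.subject = csr.subject
  cert.issuer = ca_cert ? ca_cert.subject : csr.subject # nil: self-signed root
  cert.public_key = csr.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
end

# Bob: validate the attached certificate first, then the message signature.
def bob_accepts?(ca_cert, cert_pem, message, signature)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  return false unless cert.verify(ca_cert.public_key) # issued by the trusted CA?
  return false unless Time.now.between?(cert.not_before, cert.not_after)
  cert.public_key.verify(OpenSSL::Digest.new('SHA256'), signature, message)
end

# Constructed names and message. Returns [genuine accepted?, impostor accepted?].
def demo
  ca_key, ca_csr = enroll('Demo CA')
  ca_cert = issue(ca_csr, nil, ca_key, 1)
  alice_key, alice_csr = enroll('Alice')
  alice_cert = issue(alice_csr, ca_cert, ca_key, 2)
  msg = 'Message from Alice to Bob'
  sig = alice_key.sign(OpenSSL::Digest.new('SHA256'), msg)
  bad_key, bad_csr = enroll('Alice') # impostor: Alice's name, his own key,
  bad_cert = issue(bad_csr, ca_cert, bad_key, 3) # certificate not signed by the CA
  bad_sig = bad_key.sign(OpenSSL::Digest.new('SHA256'), msg)
  [bob_accepts?(ca_cert, alice_cert.to_pem, msg, sig),
   bob_accepts?(ca_cert, bad_cert.to_pem, msg, bad_sig)]
end
p demo if __FILE__ == $PROGRAM_NAME
```

Bob's check here covers only the CA signature and the validity period; the identity checks the CA performs before issuance are outside what code can show.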

Different types of Digital Certificate

Depending on their usage, Digital Certificates are available in a number of different types:

  • Personal: Used by individuals requiring secure email and web-based transactions.

  • Organisation: Used by corporates to identify employees for secure email and web-based transactions.

  • Server: Used to prove ownership of a domain name and establish SSL / TLS encrypted sessions between a website and its visitors.

  • Developer: Used to prove authorship and retain the integrity of distributed software programs.

Different Classes of Digital Certificate

Digital Certificates are available in different classes depending on the level of verification carried out by the CA into the legitimacy of the information submitted by the applicant. Generally speaking, the higher the class, the higher the level of verification. A high level of verification could then mean that the Certificate may be used for more critical functions, such as online banking or providing one's identity for e-commerce transaction payment protocols.

Certificate class is tied closely to Certificate type. Low classes contain little or no personal information (for example, just an email address). Certificates belonging to such classes may be used for secure email; however, they prove impractical when used by an organisation or web entity that requires the Certificate to prove trust. Therefore, the usage and applicability of a Certificate for specific tasks is highly dependent on its class (the level of verification carried out by the CA).