In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth.
The certificate can be used to verify that a public key belongs to an individual.
Digital Certificate is an attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
Digital certificate provides a high level of security for online communication such that only intended recipient can read it. It provides authentication, privacy, non-repudiation and integrity in the virtual world.
An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant’s public key and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the Internet.
The recipient of an encrypted message uses the CA’s public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender’s public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.
The most widely used standard for digital certificates is X.509.
Contents of a typical digital certificate
Serial Number: Used to uniquely identify the certificate.
Subject: The person, or entity identified.
Signature Algorithm: The algorithm used to create the signature.
Issuer: The entity that verified the information and issued the certificate.
Valid-From: The date the certificate is first valid from.
Valid-To: The expiration date.
Key-Usage: Purpose of the public key (e.g. encipherment, signature, certificate signing).
Public Key: The public key.
Thumbprint Algorithm: The algorithm used to hash the certificate.
Thumbprint: The hash itself to ensure that the certificate has not been tampered with.