Authentication with a digital certificate
This presentation is part of the Authentication Overview Self-Study Course.
A digital certificate is like an electronic "credit card" that establishes your credentials for transactions on the Web. Similar to a credit card company, there is a trusted third party that guarantees the transaction. The digital certificate is used to verify that a public key belongs to an individual. There are two schemes in use for signing digital certificates:
- Public Key Infrastructure: In a public key infrastructure (PKI) scheme, the digital signature is that of a certificate authority (CA). This trusted third party guarantees, with its signature, that the holder of the certificate is who he says he is.
- Web of Trust Scheme: In a web of trust scheme, the signature is either that of the user (a self-signed certificate) or that of other users ("endorsements"). The signatures on the certificate are attestations by the certificate signers that the identity information and the public key belong together.
Besides the name and the public key of the certificate holder, digital certificates contain a serial number and an expiration date, which means digital certificates have to be renewed periodically.
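The following Go program is an added example, not part of the original course material. It issues one CA-signed and one self-signed certificate in memory, then reports each certificate's holder, serial number, signer and expiry status. The names, serial numbers and the helper functions `issue` and `describe` are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds name to a new public key; with ca == nil the holder signs it (self-signed).
func issue(name string, serial int64, days int, ca *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().AddDate(-1, 0, 0), NotAfter: time.Now().AddDate(0, 0, days),
		IsCA: ca == nil, BasicConstraintsValid: true}
	if ca == nil {
		ca, caKey = tmpl, key // no CA: the holder's own key produces the signature
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// describe names the holder, serial number, signer and expiry status of cert.
func describe(cert, ca *x509.Certificate, now time.Time) string {
	signer := "unknown"
	if cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil {
		signer = "self" // verifies under the certificate's own public key
	} else if cert.CheckSignatureFrom(ca) == nil {
		signer = "ca" // verifies under the CA's public key
	}
	return fmt.Sprintf("%s serial=%v signer=%s expired=%v", cert.Subject.CommonName, cert.SerialNumber, signer, now.After(cert.NotAfter))
}

func main() {
	ca, caKey := issue("Example Root CA", 1, 3650, nil, nil) // constructed names and serials
	alice, _ := issue("alice.example", 2, 365, ca, caKey)    // signed by the CA
	bob, _ := issue("bob.example", 3, -1, nil, nil)          // self-signed, expired yesterday
	fmt.Println(describe(alice, ca, time.Now()))
	fmt.Println(describe(bob, ca, time.Now()))
}
```

A `signer=self` result shows only that the holder controls the matching private key; no third party has vouched for the name in the certificate.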