Digital Certificates  

Posted by my reflection

A digital certificate is an attachment to an electronic message used for security purposes, most commonly to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant’s public key and a variety of other identification information. The CA makes its own public key readily available through printed material or perhaps on the internet.
The recipient of an encrypted message uses the CA’s public key to decode the digital certificate attached to the message, verifies it as issued by the CA, and then obtains the sender’s public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.
Clearly, the CA’s role in this process is critical, acting as a go-between for the two parties. In a large, distributed, complex network like the internet, this third-party trust model is necessary, as clients and servers may not have an established mutual trust, yet both parties want to have a secure session. However, because each party trusts the CA, and because the CA is vouching for each party’s identification and trustworthiness by signing their certificates, each party recognizes and implicitly trusts the other. The most widely used standard for digital certificates is X.509.
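The flow described above, as an added example that is not part of the original post: a CA signs an applicant's identity and public key, and a recipient who holds only the CA's public key checks the certificate before encrypting a reply. It assumes textbook RSA without padding on constructed Mersenne-prime keys, and a dictionary in place of a real X.509 structure; all names and addresses are hypothetical.

```python
import hashlib

def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (no padding; illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest(subject, pub, modulus):
    # Hash the fields the CA vouches for: the identity and the public key.
    data = f"{subject}|{pub['n']}|{pub['e']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue(ca_key, subject, subject_pub):
    # The CA signs the digest with its private exponent.
    sig = pow(digest(subject, subject_pub, ca_key["n"]), ca_key["d"], ca_key["n"])
    return {"subject": subject, "public_key": subject_pub, "signature": sig}

def verify(cert, ca_pub):
    # The recipient needs only the CA's public key to check the signature.
    expected = digest(cert["subject"], cert["public_key"], ca_pub["n"])
    return pow(cert["signature"], ca_pub["e"], ca_pub["n"]) == expected

def encrypt_reply(cert, ca_pub, message):
    # Refuse to use a public key the trusted CA did not vouch for.
    if not verify(cert, ca_pub):
        raise ValueError("certificate was not issued by the trusted CA")
    pk = cert["public_key"]
    return pow(message, pk["e"], pk["n"])

def decrypt(key, ciphertext):
    return pow(ciphertext, key["d"], key["n"])

# Constructed toy keys built from Mersenne primes; far too small for real use.
CA_KEY = make_key(2**61 - 1, 2**89 - 1)
ALICE_KEY = make_key(2**107 - 1, 2**127 - 1)
MALLORY_KEY = make_key(2**89 - 1, 2**107 - 1)

CERT = issue(CA_KEY, "alice@example.test", public(ALICE_KEY))
# Same certificate with the public key swapped out after issuance.
FORGED = dict(CERT, public_key=public(MALLORY_KEY))

if __name__ == "__main__":
    print("genuine certificate verifies:", verify(CERT, public(CA_KEY)))
    print("altered certificate verifies:", verify(FORGED, public(CA_KEY)))
    reply = encrypt_reply(CERT, public(CA_KEY), 424242)
    print("reply decrypted by certificate holder:", decrypt(ALICE_KEY, reply))
```

Changing either the subject or the public key after issuance changes the digest, so the CA's signature no longer matches and the recipient rejects the certificate before any reply is encrypted.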

This entry was posted on 9:18 AM.