Ans :
Digital certificates are electronic files that are used to uniquely identify people and
resources over the Internet. They enable secure, confidential communications between
two parties. Digital certificates are issued by CAs (Certifying Authorities), such as
VeriSign or Entrust Technologies. A CA is a trusted entity whose main responsibility is
certifying the authenticity of users. There are four types of certificates available:
• Server Certificates: These types of certificates are used by web servers to
identify the company running the server and to allow encrypted SSL
sessions and SET (Secure Electronic Transaction) processing.
• Personal Certificates: These certificates are for individuals who want to
send S/MIME messages and access web servers using SSL and SET.
• Publisher Certificates: These are used by software authors to sign and
identify their release codes so that users will know of tampering, if it
happens.
• Certificate Information: All digital certificates include information about
their owner and the CA who issued them. A digital certificate includes the
following information: the name of the certificate holder and other identifying
information unique to the holder, such as a URL or e-mail address; the holder’s
public key; the name of the CA who issued the certificate; the serial number of
the certificate; and the validity period of the certificate (start and end date).
Public Key Cryptography
Digital certificates are based on public key cryptography, which uses a pair of keys
for both encryption and decryption. With public key cryptography, keys work in
pairs of matched “public” and “private” keys. The public key can be freely
distributed without compromising the private key, which must be kept by its
owner. Since these keys only work as a pair, a transaction done with the
public key can only be undone with the corresponding private key, and vice versa.
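
The certificate fields listed above and the key-pair property described here, tied together in an added example (not part of the original answer): a CA signs the holder's fields with its private key, and anyone holding the CA's public key can check the signature and the validity period. It uses textbook RSA with small constructed primes, which is not secure, and all names, dates and helper functions are assumptions chosen for illustration.

```python
import hashlib
from datetime import date

# Textbook RSA on small constructed primes: illustration only, NOT secure.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def rsa_apply(key, m):
    n, exponent = key
    return pow(m, exponent, n)                   # same operation for either key

def digest(fields, n):
    # Hash the certificate fields in a fixed order, reduced to fit the modulus.
    data = "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(ca_name, ca_private, holder, holder_public, serial, start, end):
    # The fields the text lists: holder, public key, issuer, serial, validity.
    fields = {"holder": holder, "public_key": holder_public, "issuer": ca_name,
              "serial": serial, "not_before": start.isoformat(),
              "not_after": end.isoformat()}
    signature = rsa_apply(ca_private, digest(fields, ca_private[0]))
    return {"fields": fields, "signature": signature}

def verify(cert, ca_public, today):
    f = cert["fields"]
    in_period = f["not_before"] <= today.isoformat() <= f["not_after"]
    # Undo the CA's private-key operation with its public key and compare.
    sig_ok = rsa_apply(ca_public, cert["signature"]) == digest(f, ca_public[0])
    return in_period and sig_ok

# Constructed sample data (hypothetical CA and holder).
CA_PUBLIC, CA_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
HOLDER_PUBLIC, HOLDER_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)
CERT = issue("Example CA", CA_PRIVATE, "alice@example.com", HOLDER_PUBLIC,
             1001, date(2024, 1, 1), date(2024, 12, 31))

if __name__ == "__main__":
    print("valid in period:", verify(CERT, CA_PUBLIC, date(2024, 6, 1)))
    print("valid after expiry:", verify(CERT, CA_PUBLIC, date(2025, 6, 1)))
    forged = {"fields": dict(CERT["fields"], holder="mallory@example.com"),
              "signature": CERT["signature"]}
    print("valid after tampering:", verify(forged, CA_PUBLIC, date(2024, 6, 1)))
    # The pair works in both directions: public then private, and vice versa.
    print(rsa_apply(HOLDER_PRIVATE, rsa_apply(HOLDER_PUBLIC, 42)),
          rsa_apply(HOLDER_PUBLIC, rsa_apply(HOLDER_PRIVATE, 42)))
```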