5 – Cryptography Basics – Types of Digital Certificates


Now let's take a look at the types of digital certificates that we have. Earlier I mentioned that when Alex wants to receive a digital certificate, she has to provide some information to the certification authority, and she has to identify herself too, so she provides some identification cards or something similar for the certification authority to verify.

When the certification authority receives the information that needs to go into the digital certificate, including the public key, they send it through a hashing algorithm to generate a hash of all that information. Next, they use their private key to encrypt, or sign, that hash. Once the hash is signed with the certification authority's private key, they put that information in the digital certificate and send it to the requester.

All of this verification and issuing of a new certificate can be done by an intermediate certification authority too. The intermediate certification authority receives the information, uses its private key to sign the hash, and then issues the digital certificate. They have their public key attached to a digital certificate, and that is publicly available so other people can verify the certificates they receive.

Now, who signed the intermediate certification authority's digital certificate? Obviously that has to be the root certification authority. The root certification authority signs, or issues, a digital certificate for the intermediate certification authority and tells them: hey, you can do the task, and you can take care of issuing certificates from now on.

But then who signs the root certification authority's certificate? Well, a root certification authority is the top-level certification authority, so they sign their own certificate; therefore it is called a self-signed certificate. And since it is signed by the top-level certification authority, the certificate is a root certificate.

This root certificate is, a lot of the time, offline for security purposes. The root certification authority has the root certificate and uses it to sign a certificate for the intermediate certification authority, and after that they take the root digital certificate offline. If they need to bring it online, the device that stores this certificate comes online for a while and then goes back offline. In this way they can protect the security and integrity of the root digital certificate.

In addition to the root digital certificate, we have other certificates. We have the domain digital certificate. A domain digital certificate is usually installed on a web server, and it performs two primary functions: first, to ensure the authenticity of the web server to the client, so that when the client connects to a web server they know that they are connected to the right web server; and second, to ensure the authenticity of the cryptographic connection to the web server, so that the client knows that their communication with the server is secure.

There are four types of domain digital certificates: domain validation, extended validation, wildcard, and subject alternative names.

Domain validation verifies the identity of the entity that has control over the domain. That means it only authenticates that a specific organization has the right to use the domain. For example, when you go to a website and look at the certificate, it tells you who the certificate is for. For example, I'm on google.com, and it tells me that the certificate is google.com's certificate, so I can be sure that I'm connected to google.com. If I need to provide some information or receive some information, I know I am connected to the right server.
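The issuing and verification steps described above (hash the certificate fields, sign the hash with the issuer's private key, chain the domain certificate through an intermediate to a self-signed root), as an added example that is not from the original video. It assumes the Python `cryptography` package; all names and keys are constructed, and it checks only signatures, issuer names and the CA flag, not validity dates or revocation.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject_cn, subject_key, issuer_cn, issuer_key, is_ca):
    """CA step: hash the certificate fields (SHA-256) and sign the hash with the issuer's private key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name(subject_cn))
        .issuer_name(name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=1))
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )

def signed_by(cert, issuer_cert):
    """Verifier step: re-hash the signed fields and check the signature with the issuer's public key."""
    if cert.issuer != issuer_cert.subject:
        return False
    try:
        issuer_cert.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def chain_ok(chain, trusted_root):
    """chain is ordered leaf -> intermediate(s); it must end at the trusted, self-signed root."""
    path = chain + [trusted_root]
    links = all(signed_by(c, i) for c, i in zip(path, path[1:]))
    cas = all(c.extensions.get_extension_for_class(x509.BasicConstraints).value.ca for c in path[1:])
    return links and cas and signed_by(trusted_root, trusted_root)

# Constructed three-level hierarchy: the root signs itself, then the intermediate, which signs the leaf.
root_key, inter_key, leaf_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
root = issue("Example Root CA", root_key, "Example Root CA", root_key, True)
inter = issue("Example Intermediate CA", inter_key, "Example Root CA", root_key, True)
leaf = issue("www.example.test", leaf_key, "Example Intermediate CA", inter_key, False)
```

After the intermediate is issued, `root_key` is the only secret that would need to come back online to create another intermediate, which is why it can be kept offline.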

The second type of certificate is extended validation. This is a domain certificate with extensive validation of the legitimacy of the business. That means when an organization wants to request a domain certificate, they approach the certification authority, and the certification authority verifies a few things beyond domain validation. They check things like the legal existence of the business, the physical address of the business, the operational presence of that business, and so on.

When you look at a certificate, how do you know that it has extended validation? When you go, for example, to the Apple website, if you see the name of the organization show up next to the lock, that tells you that the certificate they have is an extended validation certificate.

The next type of certificate is the wildcard certificate. A wildcard is a type of certificate that validates a main domain and all of its subdomains. For example, on Apple's website, if I take a look at the certificate, it tells me that this certificate is issued to www.apple.com. But when I look at the Facebook certificate, when I click here and pick View Certificate, I can see that this certificate is issued to *.facebook.com. That means the certificate is valid for Facebook and any subdomain of Facebook, so the certificate can be used for www.facebook.com, apps.facebook.com, chat.

Anything that is under facebook.com can use this certificate.

The fourth type of certificate that we have is subject alternative names. A subject alternative name allows multiple domains to use the same certificate. For example, if I go back to, let's say, Google's certificate, click on Certificate, go under Details and scroll down a little bit, you can see I have Subject Alternative Names. When I click on that, it tells me that this certificate can be used with all the domains that you can see here. So that is a subject alternative name certificate.

In addition to the root certificate and the domain certificate, we have a more specific type of digital certificate, which is related to hardware and software. Here are some examples. We have the machine digital certificate, which is used to verify the identity of a device on the network. For example, a digital certificate can be used on a printer to verify to the client that the printer is an authorized device on the network.

Another type of certificate is the code signing digital certificate, which is used by software developers to sign a program to prove that the program comes from the authorized entity. For example, let's go back to my computer, where I have the NordVPN software. This is the setup file. If I double-click on it, you can see it says that this is from a verified publisher, and that's the name of the publisher. In this way I know that this piece of software is verified and comes from an authorized source.

The third type of hardware and software digital certificate is the email digital certificate, which we use to digitally sign and encrypt email messages.

So these are the three different types of certificates that we have: the root digital certificate, the domain digital certificate, and the hardware and software digital certificate. Under domain certificates you saw we have four different types of certificates, and under hardware and software digital certificates we have three types of digital certificates.
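How a client decides whether a wildcard or subject alternative name certificate covers a hostname, as an added example that is not from the original video. It follows the common matching rule (RFC 6125) that `*` stands for exactly one left-most label, so `*.facebook.com` covers `www.facebook.com` but not the bare `facebook.com` unless that name is listed as well; the SAN lists below are constructed.

```python
def _labels(name):
    # DNS names are case-insensitive; a trailing dot denotes the same name.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Compare one certificate name (possibly a wildcard) with the requested hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # "*" never spans several labels or an empty one
    if p[0] == "*":
        # The wildcard must be the whole left-most label. As a simple heuristic,
        # patterns with fewer than three labels (such as "*.com") are refused.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h


def cert_covers(san_dns_names, hostname):
    """True if any DNS name in the certificate's SAN list covers the hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names)


def uncovered(san_dns_names, hostnames):
    """Deployment check: which of the hostnames we serve would fail name validation?"""
    return [h for h in hostnames if not cert_covers(san_dns_names, h)]


# Constructed SAN lists, modelled on the three cases in the text.
SINGLE = ["www.apple.com"]                                   # one name only
WILDCARD = ["*.facebook.com"]                                # wildcard
MULTI_SAN = ["*.example.com", "example.com", "example.net"]  # several domains
```

Running `uncovered()` against the list of hostnames a server actually answers for, before installing a certificate, catches the usual surprises: the bare domain and second-level subdomains under a wildcard.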
