LIS 525 - Certificates
Certificate authorities issue digital certificates
and validate the holder's identity and authority.
Each certificate contains an individual's or organization's
and other identifying information
and is "signed" cryptographically.
The recipient uses the certificate authority's public
to decrypt the sender's public key
attached to the message.
The sender's public key is then used to decrypt the actual
(which could only have been encrypted
with the sender's private key).
For pointers to some certificate authorities, see
Advantages of Digital Certificates
Installing a digital certificate on your server lets you
- communicate your site's authenticity to browsers, and
- keep private communications private.
If visitors to your site use personal certificates,
- instant log-in is facilitated, and
- later repudiation of transactions is prevented.
Verisign charges US$995 for a one-year 128-bit package.
But it probably pays to shop around.
offers a simple form of certificate
at US$19.99 per year.
If you are willing to share a certificate with the hosting service,
it may cost nothing extra.
How Server Certificates Work
If you have a digital certificate on the server side,
the following series of events occurs
when a browser accesses a secure page on your site
(often with the https protocol
instead of just http):
- the server sends the browser the site's digital certificate
- the browser generates a unique session key
to encrypt all communications with the site
- the browser encrypts the session key with the site's public
- the browser sends the encrypted session key to the server
- the server decrypts the session key,
thus establishing encrypted communication.
For More Information
Last updated October 19, 2007.
This page maintained by
Prof. Tim Craven
E-mail (text/plain only): firstname.lastname@example.org
Faculty of Information and
University of Western
Canada, N6A 5B7