
4.3.1  Certificates

A Digital Certificate is a digital ID card of sorts, much like a driver’s license. It binds a public key to a specific person, business, document, software, etc., much like a driver’s license attaches your license number to the human being who is you. A digital certificate, signed with the Certificate Authority’s private key, includes:

  • X.509 certificate version (currently v1, v2 or v3).

  • Unique serial number for this certificate.

  • Signature algorithm ID.

  • Period of validity, including expiration date (after this date, the certificate will need to be renewed or replaced in order to continue to be used).

  • Certificate Authority which issued the certificate.

  • Name/identity of subscriber whose key is indicated by the certificate.

  • Subscriber’s public key.

A certificate is also considered to “contain” all documents referenced in it, even if those documents are not actually included in the certificate data itself.

Digital Certificate

A Digital Certificate is a digital “ID card” which binds a public key to the individual or item identified by the certificate.

A Digital Certificate includes the X.509 version, the unique serial number, period of certificate validity (including expiration date), name of issuing Certificate Authority, name of individual to whom the certificate belongs, and that individual’s public key.
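The fields listed above appear in a fixed order inside the DER encoding of an X.509 certificate. The following added example (not part of the original guide) walks that structure with a minimal parser and checks the validity period; the function names are this example's own and the sample bytes are constructed, with placeholder key and signature. It only reads the fields and does not verify the CA's signature.

```python
from datetime import datetime, timezone

def read_tlv(buf, off=0):              # -> (tag, value, next_offset)
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:                       # long form: low 7 bits count the length bytes
        n, off = int.from_bytes(buf[off:off + (n & 0x7F)], "big"), off + (n & 0x7F)
    if off + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + n], off + n

def children(value):                   # split a constructed value into (tag, value) pairs
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def oid(b):                            # OBJECT IDENTIFIER body -> dotted string
    arcs, n = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        n = (n << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def when(tag, v):                      # UTCTime (0x17): 2-digit year, 50-99 means 19xx
    s = ("" if tag != 0x17 else "19" if v[:2] >= b"50" else "20") + v.decode()
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def name(v):                           # join the attribute values of an issuer/subject Name
    return ", ".join(children(a)[1][1].decode()
                     for _, rdn in children(v) for _, a in children(rdn))

def inspect_cert(der, now):
    tbs = children(children(read_tlv(der)[1])[0][1])    # fields of the signed portion
    version = 1                        # the [0] version element is omitted for v1
    if tbs[0][0] == 0xA0:
        version, tbs = children(tbs[0][1])[0][1][0] + 1, tbs[1:]
    serial, alg, issuer, validity, subject, spki = (v for _, v in tbs[:6])
    nb, na = (when(t, v) for t, v in children(validity))
    return {"version": version, "serial": int.from_bytes(serial, "big"),
            "sig_alg": oid(children(alg)[0][1]), "issuer": name(issuer), "subject": name(subject),
            "not_before": nb, "not_after": na, "in_validity_period": nb <= now <= na,
            "public_key": children(spki)[1][1][1:]}     # BIT STRING minus its pad-count byte

# Constructed sample: certificate-shaped DER; key and signature bytes are placeholders.
SAMPLE = bytes.fromhex("308199308182a00302010202021001300d06092a864886f70d01010b0500"
    "30153113301106035504030c0a4578616d706c65204341301e170d3234303130313030303030305a170d3234313233313233353935395a"
    "301b3119301706035504030c107777772e6578616d706c652e746573743014300d06092a864886f70d0101010500030300aabb"
    "300d06092a864886f70d01010b0500030300ccdd")
```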

Additionally, certificates aren’t limited to identifying humans. They can also be used for identifying systems and organizations. Some common types of digital certificates include:

  • Personal certificate – identifies a person

  • Server certificate – identifies a server, enabling a user to verify that server’s identity, and engage in SSL or TLS-based communication with it

  • Object-signing certificate – allows you to sign ActiveX controls, Java applets, Microsoft .CAB files, etc. to securely identify the source of those files

Many Certificate Authorities offer different levels of digital certificates, which offer varying degrees of authentication. For example, a certificate user may have a higher degree of trust in a certificate when the certificate authority has received and verified business license information, credit card data, etc., but this extra effort is not performed in all cases. The certificate buyer chooses the level of the certificate they obtain. Why not always opt for the most trusted one, with the highest guarantee of authenticity? Because the more validation the Certificate Authority (see below) has to do when issuing the certificate, the more the certificate costs to obtain.


CertiGuide for Security+
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.