Blockchain & Cryptocurrency Glossary

Digital Certificate

Pronunciation
[dij-i-tl ser-tif-i-kit]
Analogy
Think of a digital certificate like a driver's license or passport for the digital world. It's an official document issued by a trusted authority (the CA) that links your public identity (your name, website domain) to your public key, confirming that the key genuinely belongs to you.
Definition
An electronic document used to prove the ownership of a public key and verify the identity of an individual, server, or other entity. Digital certificates are issued by trusted third parties called Certificate Authorities (CAs).
Key Points Intro
Digital certificates are essential for establishing trust and verifying identities in online communications.
Key Points

  • Binds a public key to an entity's identity (e.g., a website's domain name).
  • Issued by a Certificate Authority (CA) after verifying the entity's identity.
  • Contains the public key, information about the identity, the CA's digital signature, and a validity period.
  • Used in TLS/SSL to authenticate servers to clients (and sometimes clients to servers).

Example
When you visit a secure website (HTTPS), your browser checks the website's digital certificate. If the certificate is valid and issued by a trusted CA, your browser confirms the website is authentic and establishes an encrypted connection. The little padlock icon in your browser address bar often indicates a valid certificate.
Technical Deep Dive
A digital certificate typically follows the X.509 standard. Key fields include: Subject (who/what is being certified), Subject's Public Key, Issuer (the CA), Issuer's Digital Signature (which signs the certificate content), Serial Number (unique identifier), and Validity Period (start and end dates). Browsers and operating systems maintain a list of trusted root CAs. When a certificate is presented, the browser verifies the CA's signature by tracing it back to a trusted root CA in its store, forming a 'chain of trust'. If the signature is valid and the certificate hasn't expired and isn't revoked, the entity is considered authentic.
Security Warning
Users should be cautious if a browser warns about an invalid, expired, or untrusted certificate, as this could indicate a man-in-the-middle attack or a compromised website. Organizations must protect the private key associated with their certificate; if compromised, the certificate must be revoked.
