A digital certificate is a type of file used to associate cryptographic key pairs with entities such as websites, individuals, or organizations. If public trust is required, a trusted Certificate Authority (CA) like SSL.com validates identities and associates them with cryptographic key pairs via digital certificates.
The key pair mentioned consists of a public key and a private key. The public key is included in the certificate, while the private key is kept secure. The owner of the private key can then use it to sign documents, and the public key can be used to verify the validity of those signatures. Third parties can also use the public key to send encrypted information, which only the owner of the private key can decrypt.
A common format for digital certificates is based on the X.509 standard. An X.509 digital certificate consists of a public key, digital signature, and other information about the identity of the entity associated with the certificate, as well as information about the CA.
When an individual, website, or organization is looking to obtain a digital certificate, they submit a certificate signing request (CSR) with the public key and information to be validated. A publicly trusted CA will then validate the information and sign it with an intermediate key that chains to a trusted root certificate. The issued certificate can then be used as a credential for websites, client authentication, code signing, document signing, or more, depending on the type of certificate issued.
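The issuance flow described above, as an added example using the OpenSSL command line (it is not SSL.com's tooling or process, and no identity validation takes place): a throwaway root and intermediate CA issue a certificate from a CSR, and the chain is then verified with and without the intermediate. All names, file names and the 30-day lifetime are constructed for illustration.

```shell
#!/bin/sh
# Added example: root CA -> intermediate CA -> leaf issued from a CSR.
# Every name (Example Root CA, www.example.test, file names) is constructed.
issue_chain() {   # $1 = empty working directory
    d=$1
    cat > "$d/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
subjectAltName = DNS:www.example.test
extendedKeyUsage = serverAuth
EOF
    # Root CA: self-signed, the trust anchor that relying parties already hold.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ext.cnf" \
        -extensions v3_ca -subj "/CN=Example Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" || return 1
    # Intermediate CA: its CSR is signed with the root key.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ext.cnf" \
        -subj "/CN=Example Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -extfile "$d/ext.cnf" -extensions v3_ca \
        -out "$d/int.crt" || return 1
    # Applicant: creates the key pair; only the CSR (public key + name) is sent.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ext.cnf" \
        -subj "/CN=www.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" || return 1
    # CA: signs with the intermediate key and sets the extensions itself.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 30 -extfile "$d/ext.cnf" -extensions v3_leaf \
        -out "$d/leaf.crt" || return 1
}
# Verify the leaf against the root; extra arguments go to `openssl verify`.
verify_leaf() {
    d=$1; shift
    openssl verify -CAfile "$d/root.crt" "$@" "$d/leaf.crt"
}

work=$(mktemp -d)
issue_chain "$work" 2>/dev/null
verify_leaf "$work" -untrusted "$work/int.crt"   # full chain is supplied
verify_leaf "$work" || echo "no intermediate supplied: chain cannot be built"
```

The second verification fails because the verifier holds only the root: a server that omits the intermediate certificate from what it sends leaves clients unable to build the chain.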
An SSL/TLS Certificate is a type of digital X.509 certificate used to secure a website via the HTTPS protocol.
An SSL/TLS certificate includes a public key, the domain name(s) it is intended to protect, and, depending on the validation level used, may also include information about the entity that owns and operates the website (such as a business name). For a publicly available website, it is important that its SSL/TLS certificate be signed by a publicly trusted CA like SSL.com. The CA validates the applicant’s control of the domain name(s) that the certificate will cover, and any additional information about the business or other entity controlling the website that is to be included in the certificate. For more information about the different validation levels (DV, OV, and EV), please read this article.
Once a website is protected by an SSL/TLS certificate signed by a publicly trusted CA, web browsers will assume that the website is legitimate. The website’s certificate and private key can then be used to establish a secure, encrypted communication session between a user’s web browser and the site. This added security can have a number of benefits, including information security, assurance, added trust, and even some SEO benefits.
Note that it is also possible for SSL/TLS authentication to be mutual; a website may require users to authenticate themselves with their own client certificates.