A certificate is an electronic document that uses a digital signature to bind a public key with a person or organization. Identity verification uses multiple certificates in a chain of trust. The example of Alice, Bob, Cathy and Bart involves at least three certificates:
During the handshake with Alice, Bob presents his server certificate.
The Trust Store in Alice’s browser contains a copy of the root certificate that Cathy used to sign her own and Bob’s server certificates. Because the signature on Bob’s server certificate verifies against Cathy’s root certificate, communication is allowed to begin.
Bart also has a signed server certificate, but it was not signed by Cathy, so his attempt to impersonate Bob is not trusted.
Each certificate contains metadata that identifies the certificate owner and the purpose of the certificate. Figure 9 shows a certificate as it appears in Windows 7.
The General tab identifies to whom the certificate was issued (axlicensing.tridium.com), who the trusted Certificate Authority (CA) was that issued the certificate (VeriSign), and for how long the certificate is valid (until 7/24/2013). It is typical for certificates to be valid for a year or two. It is unusual for a certificate to be valid indefinitely.
The Details tab provides more information, including the Subject, which is also known as the Common Name (CN). In addition to the signatures matching, the server and client CNs must match for secure communication to begin.
Copyright © 2000-2014 Tridium Inc. All rights reserved.