A General Review Of PKI Certificate Types For Non-IT Professionals

If you are not an IT professional, wading into the waters of buying SSL/TLS products can feel like drowning in technical terms and challenging concepts. However, with just a basic understanding of what SSL/TLS does and what you need, we can help you find the correct product for any budget and any needs.

First, let's start by looking at Public Key Infrastructure (PKI). This is not a specific "thing" such as a program or a software component; rather, it is a framework for securing online transactions, whether that is sending personal and payment information to a website to make an online purchase or sending an email that is encrypted and digitally signed.

Public Key Infrastructure rests on two central components. One is the use of a Certificate Authority. Comodo is a Certificate Authority (CA) and, in fact, is the world's largest Trust Provider. A CA is a third party that meets the standards set out in the AICPA/CICA WebTrust for Certification Authorities Principles and Criteria. Passing that audit is what qualifies the CA to validate, or verify, the identity of the entity applying for a PKI certificate. The certificate issued to that entity is trusted because the CA that signed it is trusted, and the CA's own root certificate is already built into browsers and operating systems.

The entity, which could be a person, group, agency, organization or business, provides specific information to the CA. This information is then verified, or validated, to different levels against data from trusted sources such as business registries. The higher the level of trust required, with the highest being EV or Extended Validation, the more in-depth the validation process will be.

The second component is what is known as Public Key Cryptography. This is the use of a pair of mathematically related but different keys. Keys are long strings of what appear to be random numbers. The two keys in a pair only work with each other: what one encrypts, only the other can decrypt, and a signature made with the private key can only be checked with the matching public key. The public key can be shared freely (it is what the certificate carries); the private key must be kept secret, because anyone who holds it can act as you.

PKI Certificate Types

Without adding too many layers of complexity, think of the PKI certificate types as falling into two categories: one for domains (websites) and one for email. Both are issued under the same Public Key Infrastructure (website certificates are used by SSL/TLS, email certificates by S/MIME), but they differ slightly in how the key pair is used.

With the domain PKI certificate types, the private key and the Certificate Signing Request (CSR) are generated on your server. The private key never leaves your server unless you deliberately copy it to other servers in your network that will present the same certificate; if you do, copy it over an encrypted channel and restrict who can read the file, because anyone holding the private key can impersonate your site.

The CSR is submitted to the CA and the signed certificate is sent back to you as an installation file. With Comodo, this takes just minutes. The certificate is then installed on the server alongside the private key generated in the first step; the two must match, or the server will not be able to complete a TLS connection.

During the TLS handshake the browser uses the certificate's public key to check that it is really talking to your server (only the holder of the matching private key can pass that check), and the two sides then agree on a one-time session key that encrypts everything passing between them. Should this traffic be intercepted, it is unreadable: the attacker has neither the session key nor your private key, so it can neither read the data nor pose as your server.

The PKI certificate types for domains include single-domain certificates at the Domain Validation (DV), Organization Validation (OV) or Extended Validation (EV) level. There is also a Wildcard certificate that secures a main domain and its subdomains: a certificate for *.example.com covers www.example.com and mail.example.com, but not deeper names such as a.b.example.com, and not the bare example.com unless it is listed on the certificate as a separate name (CAs commonly add it).

Multi-Domain certificates use the Subject Alternative Name (SAN) field to secure as many as 100 domains and subdomains with the same certificate. The UC (Unified Communications) certificate is a specialized Multi-Domain product used specifically with Microsoft Exchange and Office Communications servers. Keep in mind that every name listed on a Multi-Domain certificate is visible to anyone who connects to any one of them.
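The domain-certificate flow described above, as an added example that is not code from the original page or from Comodo: the applicant generates a private key and a CSR (the key stays put, only the CSR travels), a stand-in CA checks the CSR's signature and issues a certificate for the requested Subject Alternative Names, and a browser-style name check shows what a Wildcard entry does and does not cover. It uses only Go's standard library; "Example Corp", "Example Root CA", example.com and the 90-day lifetime are assumptions for illustration, and a real CA would validate domain control (and organisation identity for OV/EV) before signing.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// GenerateKeyAndCSR is the applicant's side: the private key is created here and stays
// here; the CSR carries the public key, subject and names, signed with the private key.
func GenerateKeyAndCSR(names []string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: names[0], Organization: []string{"Example Corp"}}, // hypothetical org
		DNSNames: names, // Subject Alternative Names: one per domain or wildcard
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), err
}

// NewCA stands in for the Certificate Authority with a self-signed root.
func NewCA() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             time.Now(),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// IssueCertificate is the CA's side: parse the CSR, check its signature (proof the
// applicant holds the key) and sign. A real CA validates domain control first.
func IssueCertificate(csrPEM []byte, caKey *ecdsa.PrivateKey, caCert *x509.Certificate) (*x509.Certificate, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil {
		return nil, fmt.Errorf("not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR signature invalid: %w", err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random, as real CAs do
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      csr.Subject,
		DNSNames:     csr.DNSNames,
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour), // assumed lifetime
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CoversHost applies the browser's rule: exact SAN match, or "*.x" matching exactly one label.
func CoversHost(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

func main() {
	caKey, caCert, err := NewCA()
	if err != nil {
		panic(err)
	}
	_, csr, _ := GenerateKeyAndCSR([]string{"example.com", "*.example.com"}) // wildcard request
	cert, err := IssueCertificate(csr, caKey, caCert)                         // a bad CSR fails here
	if err != nil {
		panic(err)
	}
	fmt.Println("www.example.com:", CoversHost(cert, "www.example.com"), "a.b.example.com:", CoversHost(cert, "a.b.example.com"))
}
```

Run it with `go run` and the wildcard entry covers www.example.com but not a.b.example.com; the bare example.com is covered only because it was requested as its own SAN entry. The private key returned by GenerateKeyAndCSR is never passed to the CA side, which is the property the text describes.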

Email Certificates

Email, client or Personal Authentication Certificates are used to encrypt and digitally sign email. These work a little differently: encryption uses the recipient's public key, which you obtain from their certificate (most mail clients store it automatically when you receive a signed message from them), and only the recipient's private key can then decrypt what you sent. Digital signatures run the other way: your mail client computes a hash, a short mathematical fingerprint of the message, and signs that hash with your private key.

When an encrypted and digitally signed message arrives, the recipient's mail client uses their private key to decrypt it, then uses your public key to check the signature against a hash it recomputes from the decrypted message. If the two match, the message is authentic (it was signed with your private key), untampered (not a character changed in transit) and offers non-repudiation, since nobody without your private key could have produced that signature. That is also why the private key must be protected: a signature is only as trustworthy as the key that made it.
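Both the key-pair rule from the Public Key Cryptography section (what the public key encrypts, only the private key decrypts; what the private key signs, the public key verifies) and the email flow just described, as an added example that is not code from the original page or from any mail product. It is written in Go with only the standard library and uses the same hybrid construction real S/MIME uses: the body is encrypted under a fresh symmetric key, and only that small key is encrypted with the recipient's RSA public key. The Envelope structure, the party names and the sample message are constructed for the example and are not wire-compatible with real S/MIME.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a simplified stand-in for an S/MIME message (constructed for this example).
type Envelope struct {
	SealedKey  []byte // one-time AES key, encrypted to the RECIPIENT's public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // message body encrypted under the one-time AES key
	Signature  []byte // RSA-PSS signature of SHA-256(body) by the SENDER's private key
}

// NewKey makes one party's key pair; the public half is what their email certificate carries.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// SignAndEncrypt is the sender's side: sign with MY private key, encrypt to the RECIPIENT's public key.
func SignAndEncrypt(body []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*Envelope, error) {
	// Hash the body and sign the hash; only the sender's private key can do this.
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// Encrypt the body under a fresh symmetric key (RSA cannot encrypt long messages directly),
	// binding the signature in as authenticated data so it cannot be swapped either.
	cek := make([]byte, 32)
	if _, err := rand.Read(cek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, body, sig)
	// Seal the symmetric key to the recipient's public key; only the matching private key recovers it.
	sealed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, cek, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{SealedKey: sealed, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// DecryptAndVerify is the recipient's side: decrypt with MY private key, then check the SENDER's signature.
func DecryptAndVerify(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.SealedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unseal content key: not addressed to this private key")
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	body, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.Signature)
	if err != nil {
		return nil, errors.New("body or signature altered in transit")
	}
	digest := sha256.Sum256(body)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify: not signed by the claimed sender")
	}
	return body, nil
}

func main() {
	alice, bob := NewKey(), NewKey()
	env, err := SignAndEncrypt([]byte("Invoice 1234 is approved for payment."), alice, &bob.PublicKey) // constructed message
	if err != nil {
		panic(err)
	}
	got, err := DecryptAndVerify(env, bob, &alice.PublicKey)
	fmt.Printf("bob reads %q (err=%v)\n", got, err)
}
```

Three failure cases fall out of this design: decrypting with any private key other than the recipient's fails at the OAEP step, a message signed by an impostor fails the signature check even though it decrypts, and a single flipped byte in the body is caught by the authenticated cipher before the signature is even examined.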

To learn more about the various PKI certificate types and how they can work for you, give us a call today at +1 888 266 6361. You can also read more online or chat with us through text from the site at https://www.instantssl.com.
