A Guide To PKI Certificate Download Options
It can be confusing for those new to online security to hear the terms PKI (Public Key Infrastructure) and SSL (Secure Sockets Layer) used interchangeably, or to hear just one or the other. It gets even more confusing when the term TLS (Transport Layer Security) is thrown in for good measure.
In the most basic sense, Public Key Infrastructure makes up a part of SSL/TLS. SSL and TLS are the same technology, with TLS being the newer, upgraded version of SSL with enhanced security features. SSL/TLS uses PKI as a way to transmit and share information that is encrypted and decrypted to ensure security and trust.
The Basics of PKI
All Public Key Infrastructure provides a framework to encrypt and secure data transmitted between two different users or components in a system. This can be two people, as found in the exchange of email, or a client and server, as when data is sent through a website to a server via a web browser or device.
It is also possible to have two servers exchanging information. This is very common, as email and other data often go through more than one server to get from the originating point to the end point.
When the data is encrypted through a PKI certificate download, and public and private keys are used to transmit and decrypt the information, there is no risk of man-in-the-middle attacks.
A man-in-the-middle attack involves a third party intercepting the information going from Point A to Point B. This interception can include altering the original information or gleaning information that both parties provide to each other while assuming they are talking directly to each other as a trusted source.
The use of SSL/TLS certificates and PKI certificates prevents this from happening. The SSL version of the PKI certificate download, as well as the email and signing authentication, creates both a secure transmission of encrypted data (for domains and subdomains) and a digital signature (for email). Without the private key of the PKI key pair, which is on the server or the device respectively, the data transmission cannot be encrypted, or it can be easily detected as having been altered during transmission.
The Trust Issue
For domains and subdomains, having a PKI certificate download on the server ensures that data encrypted on the website with the public key cannot be decrypted except by the private key on the server. The file where the private key is stored is completely inaccessible to anyone, creating the top level of security.
A CA, or Certificate Authority, is a third-party source providing the PKI certificate download files. This includes the SSL certificate as well as the public key. The IT administrator, website manager or website owner first has to generate a Certificate Signing Request from the server to obtain the certificate and key combination. This also generates the private key, which is never shared, even with the CA.
Once a request for the specific SSL/TLS product is submitted, the CA sends back the installation files in a PKI certificate download. At Comodo, this literally happens in minutes. Upon installation of the certificate and the private key on the server, the site is secured.
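The Certificate Signing Request step described above, as an added example (not Comodo's own tooling): it uses the OpenSSL command line to create the key pair and the request, then checks that the request carries only the public key. The domain www.example.test and the file names server.key and server.csr are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: create a private key and a CSR, then check what the CSR holds.
# www.example.test and the file names are constructed placeholders.

# make_csr DIR: writes DIR/server.key (private, stays on the server) and
# DIR/server.csr (the only file that is submitted to the CA).
make_csr() {
    dir=$1
    ( umask 077   # key file readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$dir/server.key" -out "$dir/server.csr" \
          -subj "/CN=www.example.test" 2>/dev/null )
}

# csr_is_self_signed DIR: the CSR is signed with the private key, which proves
# the requester holds the key matching the public key inside the request.
# The output is matched because older OpenSSL builds exit 0 even on failure.
csr_is_self_signed() {
    openssl req -in "$1/server.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

# csr_key_matches DIR: the public key embedded in the CSR equals the public
# key derived from the private key file.
csr_key_matches() {
    from_csr=$(openssl req -in "$1/server.csr" -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null)
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# csr_has_no_private_key DIR: the file sent to the CA holds no private key.
csr_has_no_private_key() {
    [ -s "$1/server.csr" ] && ! grep -q "PRIVATE KEY" "$1/server.csr"
}

# Demonstration run in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir" && csr_is_self_signed "$demo_dir" \
    && csr_key_matches "$demo_dir" && csr_has_no_private_key "$demo_dir" \
    && echo "CSR ok: only server.csr goes to the CA, server.key stays local"
rm -rf "$demo_dir"
```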
With email, it is a bit different. The email PKI certificate download occurs automatically on the device and binds the specific user to the certificate and to the device. This is known as two-factor authentication, as the device has to have the certificate and the private key, and the user has to provide a username and password to send something with a digital signature.
The recipient of the email uses the public key for the decryption. The message sent in the email is then checked against the encrypted (hashed) message to ensure nothing has been tampered with.
This ensures trust in two ways. It verifies both the authenticity of the sender and the content of the message. For contracts, legal documents and other types of documents exchanged online, this is a requirement to ensure this level of trust.
To help understand the value of using PKI technology for a website or email security, talk to our sales team at Comodo. Having just one or the other may not be providing your company, business, employees and clients with the full level of security and trust needed for online transactions.
For more information, contact us by phone at +1 888 266 6361 or read more on the website at https://www.instantssl.com. You can also contact us by live chat from the website for quick answers to any questions you may have.