Considerations When Selecting Your PKI Certificate Authority

The original use of PKI, or Public Key Infrastructure, dates back long before SSL (Secure Sockets Layer) and long before the public use of the internet. In fact, it was first developed by the British Intelligence Agency in the early part of the 1970s as a way to provide a secure exchange of information. Because this work was top secret and classified, it was not even acknowledged by the British Government until the middle part of the 1990s and the arrival of general use of SSL certificates for website security.

There are many different reasons why a business or an individual may need to use Public Key Infrastructure technology. It is a highly effective way to create secure and authenticated access to specific documents, particularly when viewed through a web browser. It also provides a low-cost and highly effective way to restrict emails and internet transactions so that they are accessible only to specific users with the corresponding certificate.

The Keys

As with all types of transmissions using SSL/TLS technology, PKI uses a combination of public and private keys. As with Secure Sockets Layer or Transport Layer Security certificates, both keys are used in the encryption and decryption process. This ensures both entities are authorized to have access to the document.

Each PKI Certificate Authority will generate a set of keys that are mathematically related but not identical. These keys are random strings of numbers. The public key is kept publicly in a directory, while the private key is completely secure and is never shared.

Digital Signatures

In addition to the encryption and decryption features offered by the PKI Certificate Authority, there is also the option to provide what is known as a digital signature. This is more complicated than simply encrypting and decrypting information based on a unique and individual coding system, but it provides the same type of security.

A digital signature allows the email to be encrypted with the private key of the sender. This "locks" the email and sends it in encrypted form, in what is known as a hash, along with the original message. The hash is then accepted by the receiver's email system and decrypted with the public key. The hash copy, which can be compared to the original copy, verifies the information is free from any alterations through man-in-the-middle or other types of tampering.

Of course, the user doesn't do the verification of the two versions sent. Instead, the computer automatically does this when the email is received. If the two do not match, the system will automatically note the difference and notify the user that the digital signature has failed.

This absolutely guarantees a message that is sent and digitally signed is authentic and from the specific user. This is critical for businesses transferring legal documents or protected material as it binds the sender to the message for full verification of both authenticity of the message and verification of the person sending the message.

Reputation and Expectations

One of the most critical aspects in selecting a PKI Certificate Authority is to choose a company with a top reputation. This means that they are a recognized and trusted CA (Certificate Authority) and have their root certificates embedded in browsers and devices.

At Comodo, we are the world's largest Trust Provider. We provide PKI certificates and SSL/TLS products for large and small companies as well as for individuals. We strive to have a top online reputation for both our security products and our customer service. A quick search for reviews from our customers will give you a good idea of just why we have become the best.

If you would like, you can read our CPS, or Certification Practice Statement. This provides the public with our complete protocol for verifying applications to be able to produce the various Digital Certificates, including the PKI. We also include the full scope of services we will provide, something that is important for our customers to know throughout the lifecycle of their certificate.

At Comodo, we believe in internet security. We also believe everyone has the right to share and send information without having to worry about the message being intercepted and read or altered. For personal use, we provide a free certificate to secure email. For corporate use, we offer extremely low-cost options that provide a level of security that is over and above your SSL/TLS certificate for the domain and subdomains.

To learn more about our role as a PKI Certificate Authority, talk to our sales staff at +1 888 266 6361. You can also message us through our online chat system at or read through our resource and knowledgebase sections to learn more.
