The Basics Of PKI Certificate Implementation

For a small business in a local market or even for a completely online e-commerce site, using PKI certificates of different types is no longer just a possibility; it is a necessity. Even if you don't know the meaning of SSL, you know that customers are actively seeking out websites with that iconic padlock and the secure, encrypted transmission of data.

This is one type of PKI certificate implementation that can be done on a small or a large scale depending on your needs. There are several different types of SSL/TLS products offered by Comodo to accommodate the needs of any company or e-commerce site.

All PKI certificate implementation is designed to be simple and straightforward. While it is recommended that an IT professional complete the request and the installation for many of the more complicated and elaborate SSL/TLS needs, such as multiple domains, this is not always necessary.

At Comodo, we provide a step-by-step guide to each type of PKI certificate implementation including Certificate Signing Request generation and installation on all types of server platforms. With just a basic understanding of the technology, most people using our reference guides in the knowledgebase area will be able to complete the installation on their own.

Types of PKI Certificates for Domains

All SSL/TLS products use Public Key Infrastructure as the framework to encrypt and decrypt information. It is also used to create a digital signature with the Personal Authentication Certificates and Client Email Certs.

However, for domains, the use of Public Key Infrastructure is to encrypt and decrypt information being sent from the client (browser or device) to the server. This system uses a set of keys that are generated with the Certificate Signing Request. The private key remains with the applicant and is not shared with the Certificate Authority (CA).

The Certificate Authority receives the application for a certificate through its website. This will include the name, location, organization information and other relevant details based on the level of validation required.

There are three levels of validation possible for domain SSL/TLS products. The most basic is the domain level, where the Certificate Authority validates that the domain is registered to the person or entity making the application. The organization level covers the domain level and also verifies the company or individual. This is typically done by checking various trusted online databases.

The third level, EV or Extended Validation, includes a more thorough investigation into the validity of the company. This is the highest level of SSL/TLS cert available and it is only possible for companies, not individuals.

In addition to levels of domain PKI certificates, there are also different types. Wildcard certs secure the main domain and all subdomains. UC certificates are specifically designed for use with Microsoft Exchange and Office Communications servers and include domain and subdomain security.

Multi-Domain Certificates, like the UC certificates, use Subject Alternative Names to secure multiple domains with one certificate, making management easy.
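The following added example (not Comodo's code) shows how a client decides whether a hostname is covered by a wildcard or multi-domain certificate's Subject Alternative Names, using the single-label wildcard rule from RFC 6125. Under that rule `*.example.com` covers `shop.example.com` but not `a.b.example.com`. The SAN lists and function names are constructed for illustration.

```python
# Added example: which hostnames a certificate's SAN list actually covers.
# The SAN lists below are constructed sample data, not from a real certificate.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Match one dNSName SAN entry against a hostname (RFC 6125 rules)."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never several
    if p[0] == "*":
        # Wildcard must be the whole left-most label, with at least two
        # fixed labels after it (so "*.com" is rejected).
        fixed = p[1:]
        return len(p) >= 3 and all("*" not in lbl for lbl in fixed) and fixed == h[1:]
    return "*" not in pattern and p == h

def covered(sans, hostname):
    """True if any SAN entry on the certificate matches the hostname."""
    return any(san_matches(s, hostname) for s in sans)

def coverage_report(sans, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {h: covered(sans, h) for h in hostnames}

# Constructed SAN lists: a wildcard cert that also lists the bare domain,
# and a multi-domain cert that lists each name explicitly.
WILDCARD_CERT = ["*.example.com", "example.com"]
MULTI_DOMAIN_CERT = ["example.com", "www.example.com", "example.net", "mail.example.org"]

if __name__ == "__main__":
    hosts = ["example.com", "shop.example.com", "a.b.example.com",
             "example.net", "shop.example.net", "mail.example.org"]
    for label, sans in (("wildcard", WILDCARD_CERT), ("multi-domain", MULTI_DOMAIN_CERT)):
        print(label, sans)
        for host, ok in coverage_report(sans, hosts).items():
            print(f"  {host:20} {'covered' if ok else 'NOT covered'}")
```

Running this check over your inventory of hostnames before ordering shows which names need their own SAN entry or a second wildcard.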

Personal and Email Certificates

To encrypt and digitally sign email, it will be important to use Personal Authentication Certificates. This type of PKI certificate implementation may also be known as Client Email certs or S/MIME (Secure/Multipurpose Internet Mail Extensions) certs.

These are digital certificates from a Certificate Authority that bind the keys to a user and an email account through a device. This allows the sender to digitally sign an email that is encrypted and can be verified as coming from the sender and being free from any tampering or modification after leaving the sender.

This is done through the same Public Key Infrastructure methods that are used as the framework for securing websites. Private and public keys provide encryption and decryption, but here it is the private key that creates the digital signature.

This system allows for full authentication, integrity and confidentiality of the message. Additionally, to provide a legal document, the system can also be used to ensure non-repudiation. In other words, the sender cannot say that the message was not sent by them or that it was somehow altered. This is the same level of security that a personally signed document has in a court of law.

The use of PKI certificate implementation by companies of all sizes is an important consideration. Without using Public Key Infrastructure, nothing transmitted from a website or through an email could be secured in a reliable and trusted way. Of course, this all happens through the use of the certificates provided by Comodo and other top Certificate Authorities.

For any questions you may have about PKI products and how they can be used, give us a call at +1 888 266 6361. We are also available online through our live chat system at
