The Importance Of PKI Group Certificates

In the not too distant past, most business transactions, at least when it came to contracts and other formal arrangements, were done in person or at least with the transfer of documents for original signatures. This provided a legally binding document that could not be disputed by any party to the contract as to their agreement to the specific terms outlined.

Now, with even small companies doing business on a global scale, there is a need for speedy and immediate transmission of data. However, these messages and attached documents don't just need to get from sender to receiver quickly; they also have to be transmitted safely and securely.

SSL/TLS for Domains

This is really no different than the security needed to transmit data from a website (domain) to a server. With a domain, or subdomains, this is done through an SSL/TLS certificate.

Within the definition of SSL is the use of something known as Public Key Infrastructure. This is not a specific entity, but rather a framework for the secure transmission of data through a set of keys. These keys are long mathematical representations that are related, but not identical. Through the use of the keys and PKI framework, there is the ability to provide authentication, confidentiality, integrity, access control and non-revocation of the information provided.

With domain types of SSL certificate/TLS products, this is done through public key encryption at the client location and private key decryption at the server. Secure information only travels one way on a secure pathway created by the use of the Public Key Infrastructure.

There is also the need for a trusted and recognized Certificate Authority to generate the certificate and the public key. Not all Certificate Authorities are the same, so choosing a recognized provider such as Comodo does make a difference in the ability of your customers using all types of devices to access your website without any security notices or issues.

For Emails

Through a PKI group certificate protecting corporate emails, the process occurs in a slightly different way. The public key is used by the sender to encrypt the message and their own private key used to digitally sign. At the same time, a "hash" message is also created.

The encrypted message and the hash is then sent to the receiver. The receiver's email sees the message has a digital signature and uses the public key, made available by the sender, to decrypt the message. This is then compared to the hash message and, if there are any variations, a notice is provided by the system. This allows the receiver to be aware if the email was changed in any away after being digitally signed by the sender.

At the same time, the PKI group certificate uses digital signatures to create what is known as non-revocation. This is a way to provide protection to the receiver of the digitally signed email from the sender, at a later point, saying that he or she did not send the email.

This works because the PKI group certificate is bound to that specific email address as well as that private key. Both are accessed through a password and username on the email account known only to the sender. This ensures privacy and security for both the corporate environment as well as for personal email.

To make things even easier, the PKI group certificate can be revoked by the Certificate Authority should the owner of the email believe the private key or the certificate had been compromised. With large or small companies using the Comodo EPKI Manager or Enterprise Public Key Infrastructure Manager, it is easy to issue a new certificate for the employee and revoke the possibly compromised keys and certificate.

Additionally, every PKI group certificate is provided by a Certificate Authority that is a trusted source by browsers and devices. Comodo, as the world's leading Trust Provider, has root certificates that are recognized by 99.9% of devices and browsers, limiting any challenges or potential issues with having to manually add certificates to the trust store in a browser or on a device.

Our certificates, as with any Public Key Infrastructure products, also have an expiration date. This can be one, two or three years from issuance. Renewal is easy either through the EPKI Manager for companies or through our website for personal certificates for home use.

To talk to our sales team about prices, options and the benefits of using our PKI certificates and the Enterprise Public Key Infrastructure Manager, get in touch with us today. Feel free to give us a call at +1 888 266 6361 or drop by the website at for live chat help and support.

Related Articles
Back to TOP