The Importance of PKI Certificate Validation

The most important aspect of doing business online, either as a customer or as the business, is to have a sense of trust with the other entity in the transaction. This is true if you are making a purchase, but it is also true if you are sharing personal information online. Providing something as basic as your name and email needs to be secured, which is where SSL/TLS products become critical.

However, there is more than one way to share information online. When sending documents, contracts or other types of information via email, it is important to be able to provide secure transfer of that information as well.

There is a complete range of PKI certificate options that provide for digital certificates to protect and secure data transferred between clients and servers (or websites and servers) as well as between servers. There are even PKI certificates to secure the transfer of data in encrypted form in emails and also to provide digital signatures and authentication.

This entire process relies on a third party, the Certificate Authority or CA, playing the role of a trust provider. This is what we do at Comodo; we use our trusted name to vouch for or validate your domain, subdomain and email. This allows two previously unknown entities, such as an online shopper and an ecommerce site, to have confidence in each other.

In the same way, it allows known or previously unknown individuals to share highly sensitive information in emails, including contracts and legal documents, and have the confidence to trust the sender is authentic and the information contained within the email has not been altered or tampered with during the transmission.

How it Works

All PKI certificates operate using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols. This uses public and private keys to encrypt and decrypt the information. The private key is only on the server or servers the website points to, preventing anyone else or any other server from being able to "read" the data.

With email, the PKI technology also allows the sender to attach a digital signature verifying the authenticity of the sender and "locking in" the encrypted form of the message, known as the hash message. This is then transmitted with the original message and decrypted by the receiver's public key. The email client automatically checks the two messages and notifies the recipient if the message has been altered in any way.
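The signing and tamper check described above, as an added example that is not Comodo's code or part of the original article: Node.js hashes and signs a constructed message with the sender's private key, and the recipient checks it with the public key it already trusts for that sender (in practice taken from the sender's CA-issued certificate). The addresses, message text and function names are assumptions made for the illustration.

```javascript
// Added illustration: a bare RSA key pair stands in for the key pair
// bound to a CA-issued email certificate. All sample data is constructed.
const crypto = require('node:crypto');

// Bytes that get hashed and signed: the claimed sender plus the body.
function payloadOf(from, body) {
  return Buffer.from(`From: ${from}\r\n\r\n${body}`, 'utf8');
}

// Sender side: crypto.sign() computes the SHA-256 hash of the payload
// and signs that hash with the sender's private key.
function signEmail(from, body, privateKey) {
  const signature = crypto.sign('sha256', payloadOf(from, body), privateKey);
  return { from, body, signature: signature.toString('base64') };
}

// Recipient side: rebuild the payload from what actually arrived and check
// the signature against the public key already trusted for that sender.
function verifyEmail(msg, trustedKeys) {
  const publicKey = trustedKeys.get(msg.from);
  if (!publicKey) return 'unknown-sender';
  const ok = crypto.verify('sha256', payloadOf(msg.from, msg.body),
    publicKey, Buffer.from(msg.signature, 'base64'));
  return ok ? 'valid' : 'invalid-signature';
}

function demo() {
  const sender = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  // The recipient's trust store: address -> public key from a validated cert.
  const trusted = new Map([['alice@example.com', sender.publicKey]]);

  const intact = signEmail('alice@example.com', 'Contract total: 1,000 USD', sender.privateKey);
  // Body changed in transit; the signature no longer matches the content.
  const altered = { ...intact, body: 'Contract total: 9,000 USD' };
  // Same claimed sender, but signed with a key the recipient does not trust.
  const wrongKey = signEmail('alice@example.com', 'Contract total: 9,000 USD', other.privateKey);
  // Sender for whom the recipient holds no validated key at all.
  const stranger = signEmail('bob@example.com', 'Hello', other.privateKey);

  return {
    intact: verifyEmail(intact, trusted),
    altered: verifyEmail(altered, trusted),
    wrongKey: verifyEmail(wrongKey, trusted),
    stranger: verifyEmail(stranger, trusted),
  };
}

console.log(demo());
```

The check alone cannot tell an altered message from one signed with the wrong key; both surface as an invalid signature, which is why the recipient's trust in the sender's key has to come from the certificate validation described in the next section.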

The Validation Process

PKI certificate validation is the way the CA is able to verify the authenticity of the website or the email sender. With domain or subdomain SSL/TLS products, there are different types or levels of PKI certificate validation.

The most basic type is the domain level validation. This allows the CA to check the name on the WHOIS listing for the domain against the information provided on the application. When this matches, the CA can provide a certificate at this level that says the applicant for the certificate was the entity or person listed and that all the other information matched.

At the organization level of PKI certificate validation, there are additional requirements to verify not only that the domain level matches are in place but also that the business or personal information matches specific types of databases.

The extended validation is much more complex and requires that the CA verify business information at a more substantial level. This is the highest level of PKI certificate validation and will include the green address bar and additional information about the CA and the business in the address bar behind or in front of the iconic green padlock.

With email PKI certificate validation, there are different options based on whether it is for personal or business use. These include the user providing a name, email address and country as well as choosing a private key bit size. At the same time, you will be asked to create a revocation password that will be required should the certificate security or the key ever become compromised.

This certificate will then be used to create digital signatures as well as to secure the transmission of data in emails. With fully encrypted email, everything you send will be private; only those with the corresponding key can decrypt and see the contents.

At Comodo, we provide full information on our PKI certificate validation protocols and procedures for all of our SSL/TLS and PKI products. If you need additional help in making a choice, don't hesitate to get in touch at or by phone at +1 888 266 6361.
