The Relevance Of The PKI User Certificate

When it comes to online security and trustworthiness, there is a universally accepted framework in place and used across the internet. It is known as the Public Key Infrastructure, and it has several key features at its core.

Public Key Infrastructure, more commonly known as PKI, is the central concept behind SSL. SSL and its successor TLS (Transport Layer Security) use public key cryptography, that is, a pair of related keys, to encrypt and decrypt data. These keys are uniquely related to each other through complex mathematical algorithms. In reality, they are not keys but rather long strings of what appears to be random numbers. Whatever the private key encrypts, the public key decrypts, and vice versa, but the thing to remember is that the two keys only work with each other and with no other key or key pair.

However, having these keys alone would provide neither trust nor security online, as there would be no way to determine who or what owned them. This is where the PKI user certificate comes into the equation.

The Certificate

Central to all SSL/TLS products, including Personal Authentication Certificates, email or client certificates and code-signing certificates, is the use of these electronic or digital documents.

Think of the PKI user certificate as the title or deed to your home or vehicle. You need the key to get into your car or home and to lock it up for security, but you also need the documentation to prove you are the rightful owner. The SSL certificate provides the same kind of proof of ownership and validity to online security.

In the case of a PKI user certificate, the electronic document contains a bit more information. It does more than prove ownership of, or trust in, the domain or the email account: it also binds that identity to the public key.

The Role of the Certificate Authority

Binding the key to the certificate and validating the ownership or identity of the certificate holder is in the hands of a Certificate Authority (CA). To provide this level of trust, CAs have to follow very specific rules both in validating the information and in maintaining the security of their own systems.

The CAs themselves are trusted by the major browsers and devices. In fact, Comodo has its root certificate embedded in the trust and certificate stores of all major devices and browsers. This allows the certificates we issue to be trusted and recognized by 99.9% of all browsers and devices.

This trust, in turn, is passed on to the certificates we digitally sign with our keys. In other words, the trust we have established online is granted to the certificates we validate. This is possible because we follow the AICPA/CICA WebTrust for Certification Authorities Principles and Criteria for validation and continue to undergo independent third-party audits to ensure full compliance with all industry standards for Trust Providers.

To do our job we have to gather information from the applicant for the PKI user certificate. This information is collected through a Certificate Signing Request (CSR) that is generated on the server, email client, browser or device where the certificate will be installed; the private key is generated there at the same time and never leaves it.

There are also different levels of trust or validation, ranging from basic domain validation through to the most advanced EV (extended validation) level. Different PKI user certificate types can require different levels of validation.
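As an added illustration of the flow described above, and not code from this article or from Comodo, the following Go program stands up a constructed root CA, builds a CSR for a hypothetical email user, has the CA check and sign it, and then verifies the resulting certificate against a root store that does and does not contain that CA. All names and validity periods are constructed for the demo; only the Go standard library is used.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
func must[T any](v T, err error) T { // panics on error to keep the demo short; real CA code returns the error
	if err != nil {
		panic(err)
	}
	return v
}
// IssueAndVerify walks the flow the article describes (applicant CSR, CA check and signature, relying-party
// verification against a root store) and reports whether the chain verifies with and without the root.
func IssueAndVerify() (withRoot, withoutRoot bool) {
	now := time.Now()
	// Constructed root CA, standing in for a root embedded in browser and device trust stores.
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	// Applicant: the private key never leaves here; only the CSR (identity plus public key) goes to the CA.
	userKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	csrDER := must(x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "alice@example.com (constructed)"}}, userKey))
	// CA: parse the CSR and confirm the applicant holds the matching private key; its signature then binds
	// csr.PublicKey to the validated subject.
	csr := must(x509.ParseCertificateRequest(csrDER))
	if err := csr.CheckSignature(); err != nil {
		panic(err)
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour), // one-year term
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, caCert, csr.PublicKey, caKey))))
	// Relying party: trust flows only from roots in its store, so an empty store rejects the same chain.
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, errRoot := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}})
	_, errNoRoot := leaf.Verify(x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}})
	return errRoot == nil, errNoRoot == nil
}
```

Calling IssueAndVerify() returns true for the store that holds the CA and false for the empty one, which is exactly the difference between a CA whose root is embedded in browsers and one that is not.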

The Advantage

The biggest advantage of the PKI user certificate is that it prevents someone from impersonating a user, as with an email certificate, or from fraudulently impersonating (spoofing) a website. The certificate is granted only when the information provided by the applicant matches known and trusted databases and other supporting documentation.

An SSL/TLS product can be purchased for a term of one to three years, depending on the type of certificate and the choice of the applicant. The certificate and its keys expire at the end of the term if the certificate is not renewed. Even renewal means generating a new Certificate Signing Request or application so that validation can be completed again for security purposes.

To learn more about the importance of adding a digital certificate to your email or website, contact our sales team at Comodo. We are easy to reach by phone at +1 888 266 6361 or, if you prefer, through our live chat system. You can also read more about our SSL/TLS products at
