** Digital Certificate **
What is a Digital Certificate?
Digital Certificates, also called Digital ID's, are the electronic counterparts to driver licenses, passports and membership cards. A Digital Certificate can be presented electronically to prove your identity or your right to access information or services online. Digital Certificates bind an identity to a pair of electronic keys that can be used for encrypting and signing digital information. A Digital Certificate enables individuals and organizations to secure business and personal transactions across communication networks.
What are Root Certificates?
A root certificate is the digital certificate of a certification authority. The public key in this certificate is used to verify the signature of the certification authority. With the corresponding private key the certification authority signs all certificates issued.
The root certificate confirms that the public key and the certification authority are linked. By downloading the root certificate the user accepts to trust the certification authority.
NOTE: GlobalSign will have both self-signed and non self-signed certificates because it uses the chaining :
· TOP Root --> which is self signed
· Primary Roots --> signed by TOP root
· Subordinate Roots (= operational keys) : signed by the primary roots
GlobalSign offers personal Digital Certificates and SSL server Digital Certificates as well as code signing Digital certificates:
· Personal certificates for use with applications like Netscape, Microsoft Internet Explorer or customer certification solutions (clients)
· Server certificates for use with secure web servers (merchants).
· Code Signing certificates for signing pieces of code.
Personal Digital Certificates are differentiated by what level of assurance they provide regarding a person's identity. The assurance level depends on how a person's identity is verified during the certification request process.
GlobalSign offers 3 classes of assurance (Class 1-3 Digital Certificates). GlobalSign follows the Digital ID assurance levels accepted throughout the industry.
GlobalSign provides identity assurance by requiring third-party verification of the name, address and other personal information of the person. GlobalSign will check the information that the user provides during the online certification request against some consumer databases.
Please note: As of August 2005 GlobalSign no longer offers Class 3 Qualified Certificates
With a personal Digital Certificate issued by GlobalSign for your compatible SSL (Secure Socket Layer) browser, you can identify yourself to web sites and be authorised to access private and protected information.
You can use your personal certificate for most low-value commercial transactions like online purchases and subscriptions and for encrypting.
With an S/MIME (Secure/Multipurpose Internet Mail Extensions) compatible e-mail reader, you can sign and secure your e-mail.
GlobalSign provides a Class 3 Certificate, which is the highest level of assurance needed by an individual, and you can use it for high-value commercial transactions such as electronic banking and share trading.
A Digital Certificate binds a public key to an individual or organisation. The binding of a public key to an individual or organisation is certified by a trusted source, GlobalSign.
Digital Certificates are based on Public Key Cryptography, a scheme that uses public and private key pairs.
The private key is known only by the owner and is used to create a digital signature. This key must be kept private at all times by the user. The public key is widely known and is used to verify the digital signature. Indeed, when you verify a digital signature, you want to know the identity of the person who has signed the message.
A public and private key pair has no inherent association with any identity, it is simply a pair of numbers. This association is achieved in a Digital Certificate that binds the public key to an identity.
A Digital Certificate makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.
Digital Certificates contain the owner's public key, the owner's name, an expiration date, the name of the Certification Authority that issued the Digital Certificate, a serial number, and perhaps some other information.
What is a Certification Authority? A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA's private key. GlobalSign is a trusted Certification Authority.
GlobalSign is responsible for the issuance and management of Digital Certificates. You can read the Certification Practice Statements(CPS) providing a detailed description of the policies and procedures that GlobalSign uses for issuing and managing Digital Certificates.
You can get a Digital Certificate by visiting the Certificate Services of GlobalSign.
Your request for a personal Digital Certificate with identity assurance is processed automatically after your identification is verified.
A request for a server Digital Certificate needs a higher level of assurance. In addition to an online request, more information is needed. Therefore, a request can take 3 to 5 days.
If you require a friends or a colleagues certificate but have not received a signed email from them, or if you would like to get their new public key to send them an encrypted email, you can find their certificate by visiting the Certificate Services of GlobalSign and follow the "Find a certificate" link from this page.
During this procedure you first search for their certificate and can then download it to your email client.
The potential of business opportunities and enhanced customer convenience services offered by the Internet is phenomenal. From home banking to network shopping and online information subscription services, security remains a growing concern.
Governing access control through the use of a simple password is no longer thought to be adequate. Controlling access through the use of a known quantity, the password, in addition to a possessed entity, the digital certificate, is much more secure.
More and more companies doing business on the Internet are awakening to this reality and requiring the use of digital certificates by their customers.
However, it's not just online consumers that will need digital certificates, businesses operating electronic commerce servers on the Internet will need digital certificates as well.
Here, because of the identity verification performed by the Certification Authority before issuance, the presence of a digital certificate will attest to the integrity of the business, thus providing online consumers with assurance that they are dealing with a legitimate business.
Digital Certificates meet the requirements for the following applications:
· Privacy and confidentiality -- organizations want digital certificates for message encryption and decryption.
· Integrity, authentication, and non-repudiation (digital signing/verification) -- organizations plan to use digital certificates for digital signing of messages to establish the identity of the sender and establish that messages have not been tampered with.
· Access control -- will require digital certificates, whether in browsers, on disks or on smart cards, to control access to facilities, Internet sites, Intranets, and other digital networks.
· Proof of document transmission (time stamping)-- organizations need to use independent time stamping authorities to verify dates and times of critical messages for legal and commercial uses.
· Document archive and retrieval -- organizations need to use digital certificates to validate that stored messages have not been altered and to provide controlled access to authorised individuals.
· Identification and privileges -- organizations will require digital certificates to establish their rights and privileges, for instance, for licensing purposes.
Basically all common applications supporting x509 v3 certificates :
· Netscape Navigator v3.xx or higher
· Netscape Communicator v4.xx
· Microsoft Internet Explorer v3.02 or higher
· Opera
· many more...