What are certificates?


What is a certificate?
A certificate is an electronic document that contains data fields. An electronic certificate has some similarities to a traditional paper certificate. Digital certificates, like physical certificates, are issued by an authority. For example, a university may issue a certificate to a student to show that they have completed the necessary work in order to graduate. The next question is, would you trust a physical certificate? Digital certificates work the same way. They are issued by an authority, and the question becomes: would you trust the authority that issued the certificate? Electronic certificates also contain other fields, such as who or what the certificate was issued to, how long it is valid, the public key and the digital signature. If a digital certificate is presented to a user or computer, the user or computer is able to check the certificate to ensure the person using it should be using it. The certificate also contains a digital signature, which allows the certificate to be checked to make sure it has not been modified.

Digital Signature
A digital signature provides a method for a certificate to be checked to ensure it has not been modified. In order to do this, a hash value is created for the certificate. To generate a hash value, the certificate is put through a function to create a single value. Hash functions are designed so that different certificates will not produce the same value; however, the hash value cannot be used to generate the original certificate. The same principle applies to a person's fingerprints. They can be used to identify a person; however, from a fingerprint you could not work out features of the person, such as what color hair they have. When a certificate is created, the hash value for that certificate is also created. Using a function involving the private key, a digital signature is created and added to the certificate.

Digital Signature Example
When a certificate is used, the following is done to check that the certificate has not been changed. The computer generates the hash value for the certificate. Next, the digital signature is put through a function using the public key, which should result in the same hash value. If both values match, the certificate has not been modified. This prevents a third party from taking a certificate, changing the values in the certificate and using the certificate.

Trust Model
Certificates work off a trust model. An example of a trust model in computers is that a computer may have a sticker on it indicating which operating systems it will run. The consumer, seeing this sticker, must trust that the manufacturer would not put this sticker on the laptop unless it will run that operating system. The customer must also trust that the creator of that operating system would not allow a computer manufacturer to put a sticker on a computer that would not run that operating system.

Certificate Trust Model
Certificates are generally deployed in a hierarchy. At the top is the root certificate authority. This can be an internal Certificate Authority or an external authority like VeriSign. When an authority like VeriSign issues a certificate, they will perform a number of checks on the individual purchasing the certificate to ensure that they are a valid business. When a certificate is used it can be checked to see which authority issued that certificate. In order for the certificate to be used, the computer must trust the authority that it was issued from. Authorities like VeriSign are trusted by default on most operating systems.

Certificate Error
If a certificate is presented to the computer and it is not trusted, the computer will generate an error asking if the user wants to trust the certificate. It is up to the user to decide if they believe the certificate is valid.

Certificate Hierarchy
Certificates use a hierarchy. At the top is the root CA; below it are subordinate CAs. Any level can issue certificates to subordinate CAs or directly to users, computers or devices. If the user, computer or device trusts the root CA, then any certificate that is issued by any CA in the hierarchy will automatically be trusted and thus used by the client.
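
The signature check and the hierarchy walk described above, as an added example that is not part of the original video or handout. It uses textbook RSA without padding and deliberately weak demonstration keys, and every name and value in it is constructed for illustration. Validity periods and revocation are left out.

```python
import hashlib, json
E = 65537  # public exponent shared by every toy key below

def make_key(p, q):
    """Toy RSA key from two known primes: returns (public n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def cert_hash(fields, n):
    """Put the certificate's data fields through SHA-256 to get one value."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def issue(subject, subject_n, issuer, issuer_n, issuer_d):
    """The issuer signs the hash of the fields with its private key."""
    fields = {"subject": subject, "issuer": issuer, "public_key": subject_n}
    return {"fields": fields,
            "signature": pow(cert_hash(fields, issuer_n), issuer_d, issuer_n)}

def signature_ok(cert, issuer_n):
    """Compare the recomputed hash with the value recovered via the public key."""
    recovered = pow(cert["signature"], E, issuer_n)
    return recovered == cert_hash(cert["fields"], issuer_n)

def chain_trusted(chain, trusted_roots):
    """chain is leaf first, root last; trusted_roots maps name -> public n."""
    for cert, parent in zip(chain, chain[1:]):
        if cert["fields"]["issuer"] != parent["fields"]["subject"]:
            return False
        if not signature_ok(cert, parent["fields"]["public_key"]):
            return False
    root = chain[-1]["fields"]
    root_n = trusted_roots.get(root["subject"])
    return root_n == root["public_key"] and signature_ok(chain[-1], root_n)

# Constructed sample hierarchy. Mersenne primes make the keys trivially
# factorable, so these are demonstration keys only.
ROOT_N, ROOT_D = make_key(2**521 - 1, 2**607 - 1)
SUB_N, SUB_D = make_key(2**127 - 1, 2**1279 - 1)
LEAF_N, _ = make_key(2**89 - 1, 2**107 - 1)
root = issue("Example Root CA", ROOT_N, "Example Root CA", ROOT_N, ROOT_D)
sub = issue("Example Subordinate CA", SUB_N, "Example Root CA", ROOT_N, ROOT_D)
leaf = issue("www.example.test", LEAF_N, "Example Subordinate CA", SUB_N, SUB_D)
tampered = {"fields": dict(leaf["fields"], subject="other.example.test"),
            "signature": leaf["signature"]}
if __name__ == "__main__":
    store = {"Example Root CA": ROOT_N}
    print(chain_trusted([leaf, sub, root], store))      # intact chain
    print(chain_trusted([tampered, sub, root], store))  # modified fields
    print(chain_trusted([leaf, sub, root], {}))         # root not trusted
```

The client only needs the root CA in its trust store: the subordinate CA and the end certificate are accepted because each signature checks out against the public key one level up.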

References
"MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 771-775
Comments

Clearest explanation I’ve ever seen.

Still twists my brain into a knot.

bjornarmar

I gotta say...
I've been through some websites and videos trying to explain certificates.
But this is the one video that explains it in the simplest and most understandable manner.

Coballes

I love when stuff is simplified. You can give me more complicated perhaps real life scenarios but make it simple at first. Thank you!

kevingrace

Love the training series. It's really taken everything and put it into baby steps so that anyone, even if they aren't particularly from the IT field, can easily understand these concepts. This goes for all of your videos, I love watching them all.

jjaroc

Thanks for disabling adblock, but there is no need to click on the ads, unless you are interested in the product. Glad you like the videos.

itfreetraining

That was wonderful! Thanks, for making it so clear and linking it to real life examples! Keep up the good work!

justsomeguy

Thank you. This was really good, even 9yrs later

jnelly

Thank you very much and thanks for watching.

itfreetraining

Thank you a lot. It's too good for a free training vid

dauculajava

Excellent vid! After several days of trying to "get" this stuff, this is by far the best explanation out there.

vanaver

No problem at all, thanks for watching.

itfreetraining

itfreetraining is making the best educational videos. I got my job thanks to your videos

fanaticc

a perfect video !!!! thank you so much you saved me !!!

sarahblem

Thanks very much and thanks for adding us to the playlist.

itfreetraining

Wow. I feel much more confident now after watching this video. Thanks ITFreetraining.

kaykann

One of the best videos I have seen on certificates. I am pointing my colleagues here if they want to learn more about certificates!

Fealox

My god it took forever to stumble upon an explanation this good. Thanks.

jakobfredriksson

If only all tutorial videos could be this good! Awesome explanation. Thanks.

tedwoodpeacock

Great Video by IT Free training. Cheers to you guys. The demonstration is awesome.

sumitamazumder

Great video!!! Clear explanations.
I have a playlist of videos on SSL (Secure Socket Layer) and this particular video is among the best on that list.

imosbee