Digital certificates are a key component of the TLS handshake. We often hear about digital 'certs', but what do they actually represent?
Digital certificates (also called public key certificates) are a way to prove ownership of a public key. The contents include (but are not limited to):
- Info about the key (what type of key it is)
- Who the owner of the key is
- The owner's public key
- The digital signature of a third-party entity (called the issuer) that vouches that whoever holds the certificate is who they say they are. This is (supposedly) a unique, un-fakeable hash.
- Who the issuer is
- The expiry date of the certificate
Okay cool, so we have someone who approves the certificate.... how do we know they are a valid entity?! We do the same thing again: another third party signs the issuer's certificate, and so on until we get to the root certificate authority. Ok.... so who approves them? Well, those certificates are self-signed, and are stored on your laptop by the manufacturer.
Here is a helpful diagram to show how this waterfall of approvals happens (this is called the 'chain of trust'):
In the next article, I'll go through more TLS components, and break them down like this.