Digital Certificate creation
How do you know that your bank's login page is the right one? Maybe picking the first result from Google is the safest choice? But what if your Google is not Google itself? Hmmm…
The question above may be bothering, but fortunately a solution has already been worked out. To establish a secure connection we need three parties, which together take part in a Public Key Infrastructure (PKI):
- a client, e.g. a user who wants to log into a bank account
- the web server which hosts the bank's page
- a certification authority (CA), which confirms the identity of the web server/page.
However, if every client asked the CA about the bank's page on every visit, the CA would be overloaded. So instead the CA issues a Digital Certificate that is valid for a limited time (until its expiration date). This is based on asymmetric cryptography, where each party has a unique pair of keys: a private key, which is kept secret, and a public key, which anyone may have. What one key of the pair does, only the other can undo: data encrypted with the public key can be decrypted only with the private key, and a signature made with the private key can be verified only with the public key.
If you would like to have a Digital Certificate, e.g. for your web page, you send your public key to the CA (packaged in a certificate signing request, CSR) and prove your identity to the CA, typically by proving that you control the domain name. When you set up a web page, your hosting provider usually does this for you when obtaining a TLS (SSL) certificate. Only then will your page be shown as secure by the web browser.
After identity proofing, the CA does not encrypt your public key; it signs a certificate that contains your public key, the name of your site and the validity period, using the CA's private key. Since the public keys (root certificates) of well-known CAs are already preinstalled in our browsers and operating systems, every client can verify that signature. If the signature checks out, the certificate is still within its validity period, and the name in it matches the page being visited, the web page's identity is confirmed. What's more, the server's public key from the certificate can then be used to establish the encrypted connection.
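The whole flow, worked through in code, as an added example that is not part of the original post: a CA key pair with a self-signed root certificate (the thing browsers preinstall), a server that sends its public key to the CA in a CSR, the CA signing a certificate with an expiration date, and finally the client side verifying the CA's signature with the CA's public key, the validity period and the hostname. It uses the Python `cryptography` library; the names (`Example Root CA`, `bank.example`, `evil.example`) and the 90-day lifetime are assumptions chosen for the demo. The second, "rogue" CA reuses the trusted CA's name to show that a name alone proves nothing; only the signature does.

```python
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

SHA256 = hashes.SHA256()


def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_ca(name="Example Root CA"):
    """Self-signed CA certificate: the CA vouches for its own public key.
    Browsers ship copies of real root certificates in their trust store."""
    key = new_key()
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])  # assumed name
    now = datetime.now(timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(subject)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=5))
        .not_valid_after(now + timedelta(days=3650))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, SHA256)
    )
    return key, cert


def make_csr(server_key, hostname):
    """What the server (or its hosting provider) sends to the CA: its public key
    plus the name it claims, signed with the server's own private key."""
    return (
        x509.CertificateSigningRequestBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]))
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
        .sign(server_key, SHA256)
    )


def issue_certificate(ca_key, ca_cert, csr, days=90):
    """The CA step. Identity proofing (e.g. a domain-control challenge) happens
    outside this function; here the CA checks the CSR is self-consistent and
    then SIGNS (not encrypts) the certificate body with its private key."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not match the public key it carries")
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    now = datetime.now(timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(csr.subject)
        .issuer_name(ca_cert.subject)
        .public_key(csr.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=5))
        .not_valid_after(now + timedelta(days=days))   # the expiration date
        .add_extension(san, critical=False)
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .sign(ca_key, SHA256)
    )


def _validity(cert):
    # cryptography >= 42 has tz-aware *_utc properties; older releases return naive UTC
    nb = getattr(cert, "not_valid_before_utc", None)
    if nb is not None:
        return nb, cert.not_valid_after_utc
    return (cert.not_valid_before.replace(tzinfo=timezone.utc),
            cert.not_valid_after.replace(tzinfo=timezone.utc))


def verify_server_certificate(cert, ca_cert, hostname, now=None):
    """The browser step: issuer and signature, validity window, and that the
    certificate is for the host we are talking to. Returns (ok, reason).
    Real clients additionally check revocation, key usage and longer chains."""
    now = now or datetime.now(timezone.utc)
    if not ca_cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca:
        return False, "issuer is not a CA"
    if cert.issuer != ca_cert.subject:
        return False, "issuer name mismatch"
    # The signature covers the to-be-signed body (subject, key, validity, extensions)
    # and is checked with the CA *public* key that the client already trusts.
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return False, "bad signature"
    nb, na = _validity(cert)
    if not (nb <= now <= na):
        return False, "outside validity period"
    san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    if hostname not in san.get_values_for_type(x509.DNSName):
        return False, "hostname mismatch"
    return True, "ok"


def run_demo(hostname="bank.example"):
    """End-to-end run with constructed names; returns the verification results."""
    ca_key, ca_cert = make_ca()
    cert = issue_certificate(ca_key, ca_cert, make_csr(new_key(), hostname))
    # An attacker's CA that copies the trusted CA's name but has a different key.
    rogue_key, rogue_ca = make_ca("Example Root CA")
    rogue_cert = issue_certificate(rogue_key, rogue_ca, make_csr(new_key(), hostname))
    return {
        "good": verify_server_certificate(cert, ca_cert, hostname),
        "wrong_host": verify_server_certificate(cert, ca_cert, "evil.example"),
        "expired": verify_server_certificate(cert, ca_cert, hostname,
                                             now=datetime.now(timezone.utc) + timedelta(days=91)),
        "rogue_ca": verify_server_certificate(rogue_cert, ca_cert, hostname),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:>10}: {result}")
```

Note that nothing in the client step ever uses a CA private key: the browser only needs the CA's public key from its trust store, which is why "decrypting the certificate" is the wrong mental model and "verifying the CA's signature over it" is the right one.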
The above mechanism is used not only on the internet. When a Windows installer pops up asking whether you trust this software, the publisher shown there comes from the code-signing Digital Certificate attached to the file. Sometimes the publisher is shown as 'Unknown', which means that the file is not signed at all or its signature cannot be verified, e.g. because the certificate has expired or was issued by a CA that Windows does not trust.
OK, so now you can log into your bank account. The browser checks the Digital Certificate for you, and it doesn't matter whether you opened the page through Google or not :). One caveat: the certificate proves that you are talking to the domain shown in the address bar, not that this domain is your bank, so a phishing site can have a perfectly valid certificate for its own look-alike name. Still check the address.