Authentication Confirms An Identity - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Certificates and Authentication
To get a driver's license, you typically apply to a government agency, such as the
Department of Motor Vehicles, which verifies your identity, your ability to drive, your
address, and other information before issuing the license. To get a student ID, you apply to
a school or college, which performs different checks (such as whether you have paid your
tuition) before issuing the ID. To get a library card, you may need to provide only your
name and a utility bill with your address on it.
Certificates work much the same way as any of these familiar forms of identification.
Certificate authorities (CAs) are entities that validate identities and issue certificates. They
can be either independent third parties or organizations running their own certificate-issuing
server software (such as Red Hat Certificate System). The methods used to validate an
identity vary depending on the policies of a given CA—just as the methods to validate other
forms of identification vary depending on who is issuing the ID and the purpose for which it
will be used. In general, before issuing a certificate, the CA must use its published
verification procedures for that type of certificate to ensure that an entity requesting a
certificate is in fact who it claims to be.
The certificate issued by the CA binds a particular public key to the name of the entity the
certificate identifies (such as the name of an employee or a server). Certificates help prevent
the use of fake public keys for impersonation. Only the public key certified by the
certificate will work with the corresponding private key possessed by the entity identified
by the certificate.
In addition to a public key, a certificate always includes the name of the entity it identifies,
an expiration date, the name of the CA that issued the certificate, a serial number, and other
information. Most importantly, a certificate always includes the digital signature of the
issuing CA. The CA's digital signature allows the certificate to function as a "letter of
introduction" for users who know and trust the CA but don't know the entity identified by
the certificate.
For more information about the role of CAs, see "How CA Certificates Are Used to
Establish Trust," beginning on page 788.
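The fields and the CA signature described above can be inspected with the OpenSSL command-line tool. This is an added example, not part of the Red Hat manual; the CA names, the subject www.example.com, the serial number and all keys are constructed throwaway values.

```shell
#!/bin/sh
# Constructed demo: every name and key below is throwaway test data.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# make_ca <prefix> <common-name>: create a self-signed CA certificate and key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Corp/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert <ca-prefix> <prefix> <common-name>: the CA signs a request,
# binding the requester's public key to the requested name.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/O=Example Corp/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  # Serial 4660 is 0x1234; OpenSSL prints serial numbers in hex.
  openssl x509 -req -in "$WORK/$2.csr" -days 7 -set_serial 4660 \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

# show_fields <prefix>: entity name, issuing CA, serial number, expiration date.
show_fields() {
  openssl x509 -in "$WORK/$1.pem" -noout -subject -issuer -serial -enddate
}

# trusted_by <ca-prefix> <prefix>: succeeds only if the certificate's
# signature verifies under that CA's certificate.
trusted_by() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# key_matches <cert-prefix> <key-prefix>: succeeds only if the public key in
# the certificate is the counterpart of the given private key.
key_matches() {
  [ "$(openssl x509 -in "$WORK/$1.pem" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$WORK/$2.key" -pubout | openssl sha256)" ]
}

make_ca ca "Example Issuing CA"
make_ca other "Unrelated CA"
issue_cert ca server "www.example.com"
show_fields server
trusted_by ca server && echo "signature verifies under Example Issuing CA"
trusted_by other server || echo "rejected when only Unrelated CA is trusted"
```

A relying party that trusts only "Unrelated CA" rejects the certificate even though its fields are well-formed, because the signature does not chain to a CA it knows.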

Authentication Confirms an Identity

Authentication is the process of confirming an identity. In the context of network
interactions, authentication involves the confident identification of one party by another
party. Authentication over networks can take many forms. Certificates are one way of
supporting authentication.

Appendix J: Introduction to Public-Key Cryptography, page 775
