Certificates And Authentication; A Certificate Identifies Someone Or Something; Authentication Confirms An Identity - Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual

A digital signature is similar to a handwritten signature. Once data have been signed, it is difficult
to deny doing so later, assuming the private key has not been compromised. This quality of digital
signatures provides a high degree of nonrepudiation; digital signatures make it difficult for the signer
to deny having signed the data. In some situations, a digital signature is as legally binding as a
handwritten signature.

1.3. Certificates and Authentication

Section 1.3.1, "A Certificate Identifies Someone or Something"
Section 1.3.2, "Authentication Confirms an Identity"
Section 1.3.3, "How Certificates Are Used"
Section 1.3.4, "Contents of a Certificate"
Section 1.3.5, "How CA Certificates Establish Trust"

1.3.1. A Certificate Identifies Someone or Something

A certificate is an electronic document used to identify an individual, a server, a company, or other
entity and to associate that identity with a public key. Like a driver's license or passport, a certificate
provides generally recognized proof of a person's identity. Public-key cryptography uses certificates to
address the problem of impersonation.

To get personal ID such as a driver's license, a person has to present some other form of identification
which confirms that the person is who he claims to be. Certificates work much the same way.

Certificate authorities (CAs) validate identities and issue certificates. CAs can be either independent
third parties or organizations running their own certificate-issuing server software, such as Certificate
System. The methods used to validate an identity vary depending on the policies of a given CA for the
type of certificate being requested. Before issuing a certificate, a CA must confirm the user's identity
with its standard verification procedures.

The certificate issued by the CA binds a particular public key to the name of the entity the certificate
identifies, such as the name of an employee or a server. Certificates help prevent the use of fake
public keys for impersonation. Only the public key certified by the certificate will work with the
corresponding private key possessed by the entity identified by the certificate.

In addition to a public key, a certificate always includes the name of the entity it identifies, an expiration
date, the name of the CA that issued the certificate, and a serial number. Most importantly, a certificate
always includes the digital signature of the issuing CA. The CA's digital signature allows the certificate
to serve as a valid credential for users who know and trust the CA but do not know the entity identified
by the certificate.
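
The binding described above can be seen in a short Go program, added here as an illustration; it is not taken from the manual or from Certificate System. It uses only the Go standard library, and the names "Example CA" and "server.example.com" and the helpers `issue` and `Demo` are constructed for the example. A relying party that trusts only the real CA accepts the certificate that CA signed and rejects a look-alike that carries the same subject and issuer names but a fake key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue binds a fresh public key to cn; nil parent = self-signed CA, else parentKey signs.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{ // entity name, serial number and validity period
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // root CA: issuer and subject are the same entity
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// Demo reports whether a verifier trusting only the real CA accepts (1) its certificate, (2) a forgery.
func Demo() (genuineOK, forgedOK bool) {
	ca, caKey := issue("Example CA", 1, nil, nil)
	rogue, rogueKey := issue("Example CA", 1, nil, nil) // same CA name, different key
	genuine, _ := issue("server.example.com", 100, ca, caKey)
	forged, _ := issue("server.example.com", 100, rogue, rogueKey) // fake public key
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the only CA this verifier knows and trusts
	_, errG := genuine.Verify(x509.VerifyOptions{Roots: roots})
	_, errF := forged.Verify(x509.VerifyOptions{Roots: roots})
	return errG == nil, errF == nil
}

func main() {
	fmt.Println(Demo())
}
```

The forged certificate is rejected even though every name in it matches, because its signature does not verify under the trusted CA's public key.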

For more information about the role of CAs, see Section 1.3.5, "How CA Certificates Establish Trust".

1.3.2. Authentication Confirms an Identity

Authentication is the process of confirming an identity. For network interactions, authentication
involves the identification of one party by another party. There are many ways to use authentication
over networks. Certificates are one of those ways.

Network interactions typically take place between a client, such as a web browser, and a server. Client
authentication refers to the identification of a client (the person assumed to be using the software) by
