Digital certificates

Digital certificates protect against impersonation, certifying that a public key belongs to a specified entity. They are issued by a Certificate Authority.

Digital certificates provide protection against impersonation because a digital certificate binds a public key to its owner. Digital certificates are also known as public key certificates because they give assurances about the ownership of a public key when an asymmetric key scheme is used. A digital certificate contains the public key for an entity and is a statement that the public key belongs to that entity:

If public keys are sent directly by their owner to another entity, there is a risk that the message could be intercepted and the public key substituted by another. Such an action is known as a man in the middle attack. The solution to this problem is to exchange public keys through a trusted third party, giving you a strong assurance that the public key really belongs to the entity with which you are communicating. Instead of sending your public key directly, you ask the trusted third party to incorporate it into a digital certificate. The trusted third party that issues digital certificates is called a Certificate Authority (CA), as described in Certificate Authorities.