A digital certificate is an electronic credential that binds a public encryption key to an identity (such as a domain name, person, or company). It works like a digital passport, proving that the owner is who they claim to be.
Certificates are issued by Certificate Authorities (CAs), independent organisations trusted by browsers and operating systems. When you visit a website with HTTPS, your browser checks the site's certificate to confirm it's legitimate before encrypting your connection.
How they work:
- A website or organisation generates a public and private key pair
- They submit a Certificate Signing Request (CSR) to a CA, along with proof of identity
- The CA verifies ownership and issues a signed certificate
- The certificate contains the public key, identity details, validity dates, and the CA's digital signature
- Browsers trust the certificate because they trust the CA that issued it
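The five steps above as one small Go program (an added example, not part of the original explainer). An in-memory self-signed root stands in for a real CA, the host name www.example.test and the CA name "Example Root CA" are constructed, and the CA's domain-ownership check is omitted; verify performs the browser's side: chain to a trusted root, host-name match and validity dates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCA builds a self-signed root in memory; it stands in for a real CA (constructed for this example).
func newCA(name string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // step 1, done by the CA for its own key pair
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(48 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key) // parent == tmpl: self-signed
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueCert covers steps 1-4: the site makes a key pair and a CSR; the CA checks the CSR's own
// signature (proof the requester holds the private key) and signs a certificate containing the
// site's public key, name and validity dates. A real CA also verifies domain control (omitted here).
func issueCert(ca *x509.Certificate, caKey ed25519.PrivateKey, host string, notAfter time.Time) (*x509.Certificate, error) {
	_, siteKey, _ := ed25519.GenerateKey(rand.Reader) // the site's key pair; the private half never leaves the site
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}, siteKey)
	if err != nil { return nil, err }
	csr, err := x509.ParseCertificateRequest(csrDER) // the bytes the CA receives
	if err != nil { return nil, err }
	if err := csr.CheckSignature(); err != nil { return nil, err }
	der, err := x509.CreateCertificate(rand.Reader, &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: csr.Subject, DNSNames: csr.DNSNames,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, csr.PublicKey, caKey)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// verify is step 5 as a browser does it: chain to a trusted root, match the host name, check the dates at time at.
func verify(cert, root *x509.Certificate, host string, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: at})
	return err
}
```

Verification fails for a wrong host name, for a date outside the validity window, or when the signing CA is not in the trusted root set, which is exactly the warning the browser shows.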
Why they matter:
Digital certificates protect you from man-in-the-middle attacks and fraudulent websites. Without them, attackers could intercept your data or impersonate legitimate sites. They're essential for online banking, shopping, email, and any sensitive communication.
Common types include:
- SSL/TLS certificates for websites
- Code-signing certificates for software downloads
- Email certificates for digitally signing messages
- Client certificates for two-way authentication
What to know:
Certificates have expiry dates and must be renewed regularly. A website with an expired certificate will show a security warning in your browser. Look for the padlock icon in your address bar to confirm a site uses a valid certificate. Free certificates are available but commercial ones often include better support and higher assurance levels.
