What is a Digital Certificate?
A Digital Certificate is used to confirm that the message or document received was from the expected sender and that the document or message has not been altered since being sent.
The sender of the message uses a public key to create a hash value of the message and this hash is stored within the message digest.
The message is sent to the intended recipient and that party then uses their private key to decrypt the hash value and then a hash value of the message is created. A comparison of the sent and received hash value can then be conducted, as long as those messages are the same then the message can be confirmed as unaltered.
The Digital Certificate relies upon the private key held by the owner that is used to sign and decrypt the message and a public key that is used for the encryption of data that has been sent to the owner of the public key and to authenticate any data signed by the key owner.
Digital Certificates are also used by Internet browsing software, such as Google Chrome, Mozilla Firefox and Microsoft Edge and web servers for SSL connections.
SSL certificates also have a public and private key that allow an encrypted connection to be established. The certificate contains the identity of the website owner within the subject. In order to obtain a certificate, the owner creates a Certificate Signing Request on the server which creates a private and public key.
An SSL Certificate is issued by a Certificate Authority to a company and the presence of it on the website verifies that the CA has authenticated the site as trusted.
The Internet browser software does not trust the website itself, however, the presence of the SSL certificate issued by a trusted Ceritificate Authority means that the browser then trusts the site.
The Internet browser then accepts the site as being secure and the user is reassured when required to enter any personal or confidential information.
Digital Certificate Types
There are three main types of SSL Digital certificates:
- Extended Validation (EV SSL) – These certificates are issued once the applicant has proven the identity to the Certificate Authority including confirmation that the applicant exists, that the identity is permitted to use the domain and confirmation that the owner of the domain has authorised the certificate to be issued.
- Domain Validated (DV SSL) – These certificates require the applicant only to demonstrate that they are permitted to use the domain, they provide no confirmation as to whom the entity is.
- Organisation Validated (OV SSL) – These certificates require the applicant to prove that they are permitted to use the domain and to confirm that they own that domain.
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0330 123 4448 or via email on enquiries@athenaforensics.co.uk, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensic investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.
https://athenaforensics.co.uk/service/mobile-phone-forensic-experts/
https://athenaforensics.co.uk/service/computer-forensic-experts/