F5 GLOSSARY

Digital Certificate

Digital certificates are electronic credentials used for identity verification on the Internet, providing protection against identity spoofing, interception (eavesdropping), and data tampering during communications.

To verify the authenticity of online communications and to confirm the identity of document senders, digital signatures based on public-key cryptography are widely utilized. Specifically, digital signatures work as follows:

Sender side:

  1. Generate a "message digest" by applying a cryptographic hash function to the document's contents.
  2. Encrypt the message digest with the sender's private key, thereby creating the digital signature.
  3. Send the original document together with the digital signature to the recipient.

Recipient side:

  1. Decrypt the digital signature using the sender's public key to retrieve the original message digest.
  2. Independently generate a new message digest from the received document using the same cryptographic hash function.
  3. Verify that the two message digests match.

Through this process, the recipient confirms the sender's identity as the legitimate owner of the public key and ensures that the document has not been altered during transmission. To ensure security, the recipient must obtain the sender's public key in a trusted and verifiable manner. Digital certificates fulfill this purpose: if digital signatures are technological analogs of official "seals," digital certificates can be seen as the "certificate of authenticity" for those seals.

Naturally, digital certificates must be issued by trusted third-party organizations known as Certification Authorities (CAs). These certificates typically contain the following information:

  • The certificate holder's (owner's) public key
  • Identification and credential information of the certificate holder
  • Details regarding the CA that issued the certificate
  • The CA's own digital signature verifying the certificate's authenticity

The CA's digital signature can be verified using the public key contained within the CA's own digitally signed certificate (commonly called the CA certificate). By obtaining and verifying the CA's certificate, users can confirm the authenticity of the digital certificate issued to a certificate holder.
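The sender and recipient steps and the CA check described above can be followed end to end in the sketch below. It is an added example, not F5 code, and it uses unpadded textbook RSA with constructed toy keys so the "encrypt the digest / decrypt and compare" steps stay visible; real certificates use X.509 and padded signature schemes. The key values, the "Example CA" name and the dictionary certificate layout are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Return (modulus, private exponent) for textbook RSA from two primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys built from publicly known Mersenne primes.
# Anyone can factor them, so they are for demonstration only.
CA_N, CA_D = make_key(2**521 - 1, 2**607 - 1)
SENDER_N, SENDER_D = make_key(2**127 - 1, 2**521 - 1)

def digest(data: bytes) -> int:
    """Message digest of the data as an integer (SHA-256)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, d: int, n: int) -> int:
    """Sender side: transform the digest with the private key."""
    return pow(digest(data), d, n)

def verify(data: bytes, signature: int, n: int) -> bool:
    """Recipient side: recover the digest with the public key and compare
    it with a digest computed independently from the received data."""
    return pow(signature, E, n) == digest(data)

def cert_body(cert: dict) -> bytes:
    """The fields the CA signature covers (hypothetical layout)."""
    return f"{cert['subject']}|{cert['public_key']}|{cert['issuer']}".encode()

def issue_certificate(subject: str, subject_n: int, issuer="Example CA") -> dict:
    """CA binds the holder's identity to the holder's public key."""
    cert = {"subject": subject, "public_key": subject_n, "issuer": issuer}
    cert["ca_signature"] = sign(cert_body(cert), CA_D, CA_N)
    return cert

def verify_with_certificate(document, signature, cert, trusted_ca_n) -> bool:
    """Check the CA signature first, then trust the key inside the cert."""
    if not verify(cert_body(cert), cert["ca_signature"], trusted_ca_n):
        return False  # key is not vouched for by the trusted CA
    return verify(document, signature, cert["public_key"])
```

The recipient only needs `CA_N` from a trusted source; the sender's key arrives inside the certificate and is accepted only if the CA signature over it verifies.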