Certificates provide a way to verify a user's identity on a computer or over a computer network before allowing the user access to a protected website, application, computer or other resources. Typical computer services that require certificate authentication include secure websites, grid services, and email signing and encryption. 

Certificates rely on Public Key Infrastructure (PKI), a virtual "lockbox" technology, in which two keys are needed in order for a user to access the requested resource: a "private" key that the user holds and a "public" key that the user's certificate holds. At Fermilab, the PKI-protected services and resources currently recognize the following two types of certificate:

 

How do certificates work?

A certificate is a digitally signed statement from a trusted third party, acting as a "middleman", that associates the public key with a name. When a user requests access to a PKI-protected resource, the resource invokes PKI and says "User X requested access. Please check whether User X is really User X." PKI retrieves the certificate it has for User X and requests the user's private key. It then checks whether the combination of public and private keys "opens the lockbox", and reports "yes" or "no" to the resource.

Besides people, certificates can also identify hosts and services.  
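
The check described above, sketched with Go's standard library as an added example (not Fermilab's code or configuration): a constructed demo CA signs a certificate for "User X", the resource sends a challenge, and the user returns a signature made with the private key, which itself never leaves the user. The helper names issue and authenticate, the "Demo CA" and the fixed nonce are assumptions for illustration; key generation and issuance are folded into one helper for brevity, and a real resource would send fresh random bytes as the challenge.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue (hypothetical helper) makes a key pair for name and a certificate, signed by caKey, binding name to its public key.
func issue(name string, parent *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil { // nil parent: self-signed demo CA (constructed), standing in for the trusted third party
		t.KeyUsage, t.ExtKeyUsage, parent, caKey = x509.KeyUsageCertSign, nil, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// authenticate is the resource's check: cert must chain to the trusted CA and sig must verify under cert's public key.
func authenticate(ca, cert *x509.Certificate, challenge, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, challenge, sig)
}

func main() {
	ca, caKey := issue("Demo CA", nil, nil)
	cert, key := issue("User X", ca, caKey)
	nonce := []byte("constructed-nonce") // constructed sample; a real resource sends fresh random bytes
	fmt.Println(authenticate(ca, cert, nonce, ed25519.Sign(key, nonce))) // signing happens on the user's side
}
```

The same check rejects a correct certificate presented with the wrong private key, a signature over a different challenge, and a certificate signed by a CA the resource does not trust.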

 


Authored by Fang Wang
Last modified 1 week ago