Identity certificates are digital certificates that bind a cryptographic key to an entity: a person, a device, a domain or an application, such as an email program or a web browser.
Identity certificates play an important role in establishing a secure connection, for example between a web server and a browser via HTTPS.
The party that requests a secure connection uses the Identity certificate of the other party for authentication (is the party really who it claims to be?). Furthermore, the Identity certificate contains a public key that is used to encrypt messages while the secure connection is being established.
Example: Authentication of a certificate
Party B (for example, a browser) sends a request for a secure connection to Party A (for example, a web server).
Party A sends its Identity certificate.
Party B authenticates the Identity certificate of party A.
An Identity certificate is created and issued by a trusted entity, the Certificate Authority (CA). A CA has the following main tasks:
Verifies the detailed information of a party.
Issues a signed Identity certificate for the verified party.
The CA also has a certificate of its own, the CA certificate. This CA certificate is used to verify the authenticity of the Identity certificates issued by that CA. Therefore, the CA provides its own certificate to other parties for verification purposes.
There are two types of CA certificates: Root CA certificates and Intermediate CA certificates. The Root CA certificate is always issued by the Root CA itself. An intermediate CA certificate is issued by a Root CA or an intermediate CA.
Example:
In this example, the certification path contains one Root CA certificate, one Intermediate CA certificate and the Identity certificate.
The Root CA certificate (1) is issued by the Root CA (CA 1).
The Intermediate CA certificate (2) is also issued by CA 1.
The Identity certificate (3), for example the PRISMAsync Print Server Identity certificate, is issued by CA 2. The Identity certificate is sent to the connecting party on request.
Trusted certificates (4) are copies of the Root CA and Intermediate CA certificates and are present in the list of trusted certificates of the connecting party. The connecting party authenticates the PRISMAsync Print Server Identity certificate by means of the trusted certificates.
The Root CA can also issue an Identity certificate directly. In that case, the list of trusted certificates does not need to contain an Intermediate CA certificate.
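The following script is an added example, not part of this documentation or of the PRISMAsync Print Server software. It builds the certification path described above with OpenSSL (Root CA 1, Intermediate CA 2, and an Identity certificate issued by CA 2), then plays the role of the connecting party from the authentication example: it checks the Identity certificate against a list of trusted certificates that contains copies of the Root and Intermediate CA certificates. It also shows the two cases the text mentions: verification fails when the Intermediate CA certificate is missing from the trusted list, and an Identity certificate issued directly by the Root CA verifies against the Root CA certificate alone. All names (Example Root CA, Example Intermediate CA, print-server.example), file paths and key sizes are constructed for this demonstration.

```shell
#!/bin/sh
# Added example (not from the PRISMAsync documentation): build a Root -> Intermediate
# -> Identity certification path and authenticate the Identity certificate against a
# trusted-certificate list. All names and paths below are constructed for the demo.
set -e

WORK="${TMPDIR:-/tmp}/cert-chain-demo.$$"

# Generate a private key and a certificate signing request (CSR).
# Arguments: subject_CN key_out csr_out
make_csr() {
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null
}

# Sign a CSR with a CA key and certificate, applying the given extension file.
# Arguments: csr ca_cert ca_key ext_file cert_out
issue_cert() {
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -days 365 -extfile "$4" -out "$5" 2>/dev/null
}

make_chain() {
    mkdir -p "$WORK"
    # CA certificates must carry basicConstraints CA:TRUE; the Identity certificate
    # is an end entity (CA:FALSE) with the server name in subjectAltName.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
    printf 'basicConstraints=critical,CA:FALSE\nsubjectAltName=DNS:print-server.example\n' > "$WORK/leaf.ext"

    # (1) Root CA certificate: CA 1 signs its own CSR (self-signed).
    make_csr "Example Root CA" "$WORK/root.key" "$WORK/root.csr"
    openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" \
        -days 3650 -extfile "$WORK/ca.ext" -out "$WORK/root.crt" 2>/dev/null

    # (2) Intermediate CA certificate: CA 2's CSR is signed by CA 1.
    make_csr "Example Intermediate CA" "$WORK/int.key" "$WORK/int.csr"
    issue_cert "$WORK/int.csr" "$WORK/root.crt" "$WORK/root.key" "$WORK/ca.ext" "$WORK/int.crt"

    # (3) Identity certificate of the print server, issued by CA 2.
    make_csr "print-server.example" "$WORK/leaf.key" "$WORK/leaf.csr"
    issue_cert "$WORK/leaf.csr" "$WORK/int.crt" "$WORK/int.key" "$WORK/leaf.ext" "$WORK/leaf.crt"

    # Variant from the text: an Identity certificate issued directly by the Root CA.
    make_csr "print-server.example" "$WORK/leaf2.key" "$WORK/leaf2.csr"
    issue_cert "$WORK/leaf2.csr" "$WORK/root.crt" "$WORK/root.key" "$WORK/leaf.ext" "$WORK/leaf2.crt"

    # (4) Trusted certificates of the connecting party: copies of Root and Intermediate.
    cat "$WORK/root.crt" "$WORK/int.crt" > "$WORK/trusted.pem"
}

# The connecting party (Party B) authenticates an Identity certificate (from Party A)
# against its trusted-certificate list. Returns 0 when a complete path to a trusted
# self-signed Root certificate is found, 1 otherwise.
# Arguments: trusted_list identity_cert
verify_identity() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

make_chain
verify_identity "$WORK/trusted.pem" "$WORK/leaf.crt" \
    && echo "OK: Identity certificate authenticated via Root + Intermediate"
verify_identity "$WORK/root.crt" "$WORK/leaf.crt" \
    || echo "FAIL (expected): Intermediate CA certificate missing from trusted list"
verify_identity "$WORK/root.crt" "$WORK/leaf2.crt" \
    && echo "OK: Root-issued Identity certificate authenticated with Root only"
```

The second check is the practical point: a connecting party that only trusts the Root CA certificate cannot authenticate an Identity certificate issued by CA 2 unless the Intermediate CA certificate is also available to it, either in its trusted list (as in step 4 above) or supplied by the server together with the Identity certificate.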