What is the digital signature on a certificate? Who signs a certificate? What can be validated on a certificate?

Digital certificates are electronic credentials that are used to certify the identities of individuals, computers, and other entities on a network.

Digital certificates function similarly to identification cards such as passports and drivers' licenses. For example, passports and drivers' licenses are issued by recognized government authorities, whereas digital certificates are issued by recognized certification authorities (CAs).

When someone requests a passport or driver's license, the government authority verifies the identity of the requester, certifies that the requester meets all requirements to receive the card, and then issues the card. Likewise, before issuing a certificate, a CA or CA administrator must verify the requester's identity and determine that the requester meets all requirements to receive the certificate.

Like an identification card such as a driver's license or passport, a digital certificate can be used to verify the identity of its owner. When a certificate is presented to others, it helps them verify the identity of its owner based on the quality of its contents:

  • Personal information that helps identify the owner.
  • The signature of the issuing authority. For digital certificates, the issuing authority is the CA.
  • Information needed to identify and contact the issuing authority.

In addition, the quality of a certificate is enhanced if it:

  • Is designed to be tamper-resistant and difficult to counterfeit.
  • Is issued by an authority that can revoke the certificate at any time (for example, if the employee to whom the certificate was issued is no longer employed by the organization).
  • Can be checked for revocation by contacting the issuing authority.
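The owner information, the issuer information, the CA's signature and the tamper-resistance described above can all be observed on an X.509 certificate. The Go program below is an added example, not part of the original text: it creates a throwaway CA and a certificate for a constructed owner, then checks the CA's signature on the genuine certificate and on a copy whose signed contents were altered. The names `Example Root CA` and `alice.example` and the helpers `mustIssue` and `tampered` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mustIssue returns a certificate for cn signed with parentKey; a nil parent yields a self-signed root CA.
func mustIssue(cn string, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{ // constructed sample values
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // the root CA vouches for itself
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// tampered returns a copy of cert with one bit of its signed contents changed.
func tampered(cert *x509.Certificate) *x509.Certificate {
	c := *cert
	c.RawTBSCertificate = append([]byte(nil), cert.RawTBSCertificate...)
	c.RawTBSCertificate[len(c.RawTBSCertificate)-1] ^= 0x01
	return &c
}

func main() {
	ca, caKey := mustIssue("Example Root CA", 1, nil, nil)
	leaf, _ := mustIssue("alice.example", 2, ca, caKey)
	fmt.Printf("owner: %v, issuer: %v\ngenuine: %v\ntampered: %v\n", leaf.Subject, leaf.Issuer, leaf.CheckSignatureFrom(ca), tampered(leaf).CheckSignatureFrom(ca))
}
```

`CheckSignatureFrom` returns `nil` only for the unmodified certificate checked against the CA that actually signed it. A different CA that merely uses the same name fails the check, because the signature is verified with the CA's public key, not its name.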


