
Certificates

What is a digital certificate?

Digital certificates bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information. A digital certificate makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using counterfeit keys to impersonate other users.

Used in conjunction with encryption, digital certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.

Digital certificates are also known as X.509 certificates as defined by ISO (International Standards Organisation).

How can certificates be obtained?

Certificates can be obtained in three different ways:

  • Created by the user of a certificate, known as a self-signed certificate
  • Trading Partner distribution, created by the customer for their suppliers
  • Generated by a Certification Authority (CA)

The main issue relating to the provision of certificates is that of trust. Before a certificate can be accepted as trustworthy by a trading partner, the issuer of the certificate must first be trusted.

Additionally, each user should only have one certificate that is accepted by all of their trading partners, rather than being required to use a different certificate for each. Large trading partners may also maintain their own Public Key Infrastructure (PKI) to provide certificates directly to their suppliers. A PKI is a collection of technologies, processes, and organisational policies that support the use of public key cryptography and in particular the means to verify the authenticity of public keys.

Self-Signed Certificates

A self-signed certificate is a certificate that is signed by its own creator, that is, the person who created the certificate also signed off on its legitimacy. Self-signed certificates do not provide any assurance that the certificate can be trusted and are generally not regarded as an acceptable way of creating certificates.

Trading Partner provided certificates

In the absence of an agreed common approach to digital security some major companies have not only started issuing certificates to their suppliers, but have also inserted proprietary supplementary information into the certificate in order to make certificate usage easier within their IT systems. Although this practice may make it easier for the individual trading partner, it could render the certificate useless for use with other trading partners.

Certification Authorities (CAs)

What is a Certification Authority?

A certification authority (CA) is an organisation, usually commercial, which issues certificates for use by other parties. Through marketing, and audited compliance with recognised international standards, some CAs are better regarded than others.

CA provided certificates

A CA issues a user’s certificate and then signs the certificate with the CA’s own certificate; in turn the CA’s certificate may be signed by another CA. Ultimately, there will be a highest-ranking CA which does not have its own certificate signed by another CA.

The value basis of obtaining a certificate from a CA (rather than using a self-signed certificate) is that the CA is widely trusted and therefore other users will implicitly trust the user’s certificate. This mechanism relies upon the CA’s certificate being trusted on the computer on which the user’s certificate will be used.

Can you really trust certificates issued by a CA?

The theory is that certificates obtained via a CA are more trustworthy than self-signed certificates, although this is misleading.

The basic certificate that may be purchased from a CA comes with little verification. Basically, an email is sent back to the address of the applicant to confirm that the email address is valid, but no further checks are performed to ensure the integrity of the purchaser.

Commercial CA signed Extended Validation Certificates

CAs do offer additional verification services which rigorously validate any certificate request, thus providing a higher degree of trust in the certificate. These services incur a much higher cost; Extended Validation certificates are available for around €700 per year.

Which kind of certificate do I need?

Due to the large number of certificate types that are available from CAs, it is not immediately obvious what kind of certificate should be purchased for use with different application purposes.

This leads to inevitable confusion among users when deciding where to buy their certificates; it could also lead to trading partners selecting different CAs, resulting in a non-standard approach.

The certificates issued by CAs vary by:

  • Verification
  • Type of usage, e.g.
      ◦ Email
      ◦ Documents
      ◦ Network connections
      ◦ Application program code

Certificate Usage

The next problem that arises with the issuing of a certificate is the definition of the function for which the certificate can be used. Typically CAs issue certificates that are either for use by web servers to secure the connection between the client browser and the web server, or for use by email clients to sign personal emails.

Unfortunately, even for the same type of certificate, different CAs use different key usage attributes when creating certificates.
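The two points above, the CA chain that ends in a self-signed highest-ranking CA whose certificate must be trusted on the computer, and the key usage attributes stamped into a certificate, can be seen directly with openssl. The script below is an added example and not code from the original page; it assumes only that openssl is on PATH, and every name, subject and file in it is made up.

```shell
#!/bin/sh
# Added example (not code from the original page): build a three-level chain
# self-signed root CA -> intermediate CA -> server certificate with openssl,
# show that the server certificate verifies only when the root is trusted on
# this machine, and read back the key usage attributes the page says vary
# between CAs. Assumes openssl is on PATH; all names and files are made up.
set -e
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

# Extensions for CA certificates and for the end-entity (server) certificate.
printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
  'keyUsage=critical,keyCertSign,cRLSign' > "$W/ca.ext"
printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
  'keyUsage=critical,digitalSignature,keyEncipherment' \
  'extendedKeyUsage=serverAuth' 'subjectAltName=DNS:www.example.test' > "$W/ee.ext"

# csr NAME SUBJECT: fresh RSA key plus a certificate signing request.
csr() { openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$2" \
          -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null; }
csr root "/CN=Example Root CA"
csr inter "/CN=Example Issuing CA"
csr server "/CN=www.example.test"

# 1. The root signs itself: the highest-ranking CA, signed by nobody else.
openssl x509 -req -in "$W/root.csr" -signkey "$W/root.key" -days 30 \
  -extfile "$W/ca.ext" -out "$W/root.crt" 2>/dev/null
# 2. The root signs the intermediate CA's certificate ...
openssl x509 -req -in "$W/inter.csr" -CA "$W/root.crt" -CAkey "$W/root.key" \
  -CAcreateserial -days 30 -extfile "$W/ca.ext" -out "$W/inter.crt" 2>/dev/null
# 3. ... and the intermediate signs the user's (server) certificate.
openssl x509 -req -in "$W/server.csr" -CA "$W/inter.crt" -CAkey "$W/inter.key" \
  -CAcreateserial -days 30 -extfile "$W/ee.ext" -out "$W/server.crt" 2>/dev/null

# verify_with ROOTFILE: 0 if the chain is accepted with ROOTFILE as the only
# trusted root; an empty ROOTFILE means no root is trusted at all.
verify_with() {
  if [ -n "$1" ]; then set -- -CAfile "$1"; else set -- -no-CAfile -no-CApath; fi
  openssl verify "$@" -untrusted "$W/inter.crt" "$W/server.crt" >/dev/null 2>&1
}

# key_usage CERT: the human-readable keyUsage line of a certificate.
key_usage() {
  openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Key Usage' | tail -n 1 | sed 's/^ *//'
}

verify_with "$W/root.crt" && echo "root trusted:     server cert accepted"
verify_with "" || echo "root not trusted: server cert rejected"
echo "server keyUsage:  $(key_usage "$W/server.crt")"
echo "root keyUsage:    $(key_usage "$W/root.crt")"
```

The same intermediate and server certificates are rejected outright once the root is removed from the trusted set, which is exactly the dependency on the local trust store described above.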

Terms and Conditions | Copyright Data Interchange Plc 2012