Certificate Authority:

The certificate authority plays an important role in securing the data by authenticating it using digital signature certificates which contains a unique identity of the user. The identification for the holder of the digital signature certificate is confirmed by the certifying authority. The certifying authority validates the certificates issued to the sender/receiver for sending or receiving information. Digital Certificates are your digital passports, an Internet ID. Digital certificates are used for verifying the identity of the person and hence digital passports, internet ID etc which are reliable for identifying are used as digital certificates. OpenSSL, Netscape, Verisign, Entrust, and RSA Keon are some of the mediums though which digital certificates are verified.

            Digital certificate can provide authentication to the sender when the digital signature is attached to it along with the public key of the sender. As the certificate authority binds the relation between the key pair and the sender’s real world attributes.

In a wired environment, the certifying authority refers to the group of hardware, software and users. A computer used by the certification authority maintains the records about issuing a digital certificate, maintaining it and also maintains the revocation lists. 

In our application we are issuing certificates using Windows 2003 server.

As we mentioned Digital certificates are used for providing authentication for server and client, there are three types of authentication that are possible

  1. Server Authentication:-  this is the most widely used authentication process mostly in web services, in this type of authentication Server sends its certificate to the client and client verifies the certificate and authenticates server. 
  1. Client Authentication: – In this type of authentication process client has been authenticated by the server by requesting certificate from the server and validating it. 
  1. Mutual Authentication: – In this process both server and client has to exchange their certificates, which means that both have to authenticate each other and it is considered as the most secure way of communication. In our application we have used Mutual authentication with the help of TLS protocol.

This Project Paper is written & submitted by Deepak V.