X.509 is a standard published by the International Telecommunication Union's standardization sector (ITU-T); the ITU is a specialized agency of the United Nations. The X.509 recommendation defines the frameworks for public key infrastructure (PKI) and privilege management infrastructure (PMI): the format of public-key certificates and attribute certificates, certificate revocation lists, and how certificates built on asymmetric (public-key) cryptography are validated and managed.
For an exchange to be secure, each party needs assurance of the other's identity. An X.509 certificate provides that assurance: it binds a public key to an identity and is signed by a certificate authority (CA) that the relying party already trusts. Technically, anyone can self-sign a certificate instead of having a CA issue it, but a self-signed certificate is only a claim the subject makes about itself. Browsers and most networks reject such certificates (or warn loudly before accepting them) because they chain to no trusted authority, and an impostor can produce one just as easily as the legitimate owner.
The web and enterprise PKIs rest on the trust placed in CAs: once a party's certificate chains to a trusted CA, other parties can communicate with it securely. A CA must follow a set of standards and audited procedures to gain and keep that trust. A compromised CA, as in the 2011 breach of the Dutch CA DigiNotar, lets the attacker issue certificates for any name and can force the revocation of thousands or even millions of certificates. CAs therefore have to treat their own security as essential.
End-entity certificates are the X.509 certificates that assert the identity of a party, such as a website. Before trusting a site, a browser checks that the certificate's chain of signatures leads back to a CA in its trust store, and also that the certificate is within its validity period, names the host being visited, and has not been revoked. End-entity certificates are also known as leaf certificates: their basicConstraints extension marks them CA:FALSE, so nothing further can be grown from them; a leaf cannot be used to issue more certificates.
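The chain walk described above, as an added example that is not Intertrust's code nor part of the original page. It uses the `cryptography` package to mint a constructed root CA and leaf in memory, then runs a minimal validator over four cases: a CA-issued leaf (accepted), a self-signed leaf (no trusted issuer), a leaf signed by an impostor root that reuses the trusted root's name (signature fails), and a certificate "issued" by the leaf itself (rejected because the issuer is CA:FALSE). The names `Example Root CA` and `www.example.com` are assumptions; hostname matching and revocation checks are deliberately left out to keep the chain logic in view.

```python
"""Added example: a minimal X.509 chain walk (root CA -> leaf) using the
`cryptography` package. Constructed demonstration code, not Intertrust's PKI;
keys and certificates are generated in memory and nothing touches the disk."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding
from cryptography.x509.oid import NameOID


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(subject_cn, subject_key, issuer_cn, issuer_key, is_ca):
    """Issue a one-day ECDSA/SHA-256 certificate for subject_key, signed by
    issuer_key. is_ca sets basicConstraints: CA:TRUE for roots and
    intermediates, CA:FALSE for end-entity (leaf) certificates."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def _is_ca(cert):
    """True only if the certificate explicitly asserts basicConstraints CA:TRUE."""
    try:
        return cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        return False


def _signed_by(cert, issuer):
    """Does the issuer's (EC) public key verify cert's signature over its TBS bytes?"""
    try:
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def _window(cert):
    """Validity window as aware UTC datetimes, across cryptography versions."""
    nb = getattr(cert, "not_valid_before_utc", None)
    if nb is not None:
        return nb, cert.not_valid_after_utc
    utc = datetime.timezone.utc
    return cert.not_valid_before.replace(tzinfo=utc), cert.not_valid_after.replace(tzinfo=utc)


def verify_chain(leaf, intermediates, trusted_roots):
    """Walk from the leaf towards a trusted root. Returns (ok, reason).
    Each link must be inside its validity window, name an available issuer,
    carry a signature that issuer's key verifies, and that issuer must assert
    CA:TRUE. A matching name never establishes trust; only the signature does."""
    now = datetime.datetime.now(datetime.timezone.utc)
    pool = {c.subject.rfc4514_string(): c for c in intermediates + trusted_roots}
    trusted = {c.public_bytes(Encoding.DER) for c in trusted_roots}
    cert = leaf
    for _ in range(8):  # bound the walk; real validators also enforce pathLen
        start, end = _window(cert)
        if not (start <= now <= end):
            return False, "certificate outside its validity window"
        issuer = pool.get(cert.issuer.rfc4514_string())
        if issuer is None:
            return False, "no trusted issuer found (untrusted or self-signed)"
        if not _is_ca(issuer):
            return False, "issuer is not a CA (basicConstraints CA:FALSE)"
        if not _signed_by(cert, issuer):
            return False, "signature does not verify under the named issuer"
        if issuer.public_bytes(Encoding.DER) in trusted:
            return True, "chain ends at a trusted root"
        cert = issuer
    return False, "chain too long"


def scenarios():
    """Constructed certificates covering the cases discussed in the text."""
    root_key, leaf_key, evil_key, grand_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
    root = make_cert("Example Root CA", root_key, "Example Root CA", root_key, is_ca=True)
    leaf = make_cert("www.example.com", leaf_key, "Example Root CA", root_key, is_ca=False)
    # Self-signed leaf: internally consistent, but no trusted CA vouches for it.
    selfsigned = make_cert("www.example.com", leaf_key, "www.example.com", leaf_key, is_ca=False)
    # Impostor: same issuer name as the trusted root, but signed with a different key.
    evil_leaf = make_cert("www.example.com", leaf_key, "Example Root CA", evil_key, is_ca=False)
    # A certificate "issued" by the leaf: leaves cannot grow further certificates.
    grandchild = make_cert("api.example.com", grand_key, "www.example.com", leaf_key, is_ca=False)
    return {
        "ca_issued": verify_chain(leaf, [], [root]),
        "self_signed": verify_chain(selfsigned, [], [root]),
        "impostor_root": verify_chain(evil_leaf, [], [root]),
        "issued_by_leaf": verify_chain(grandchild, [leaf], [root]),
    }


if __name__ == "__main__":
    for case, (ok, why) in scenarios().items():
        print(f"{case:15} {'OK  ' if ok else 'FAIL'} {why}")
```

Only the first case is accepted. The impostor case is the one worth dwelling on: the issuer name matches the trusted root exactly, and the check still fails because the signature was made with a key the trust store does not hold. That is the property a DigiNotar-style compromise breaks, since a breached CA signs with the genuine key and every check here passes.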
Achieving a scalable PKI architecture that guarantees 24x7x365 service involves significant initial build costs and ongoing maintenance and operations costs. Intertrust’s PKI is 50%-85% less costly than creating the same system in-house and can scale virtually indefinitely as your business needs change.