Public key encryption is a powerful tool mainly because it is readily accessible to others and puts less strain on hardware resources during execution. If someone needs to sent an individual an encrypted document, they can easily obtain the public key and encrypt the document using the public key–which the recipient could only read using his/her private key. Public-key certificates were created because of the obvious major weakness with public key authentication–any user could pretend to be user A and then send a public key to another participants. This would enable the forger to receive any document that might potentially be sent to him until the breach is identified. Public-key certificates consists usually of a public key, user id and a block of the certificate signed by a third-party. These third parties are certificate authorities are called CA’s and are legitimate private companies that are trusted by the internet community and issue certificates on behalf of a user making sure that the user is who they claim to be and also make sure they are requesting a certificate for a domain that they own. The universally accepted format for a public certificate is the X.509; they are used for network security applications, in the areas of IP security, SSL, secure electronic transactions (SET) and S/MIME (e-mail security).
A certificate contains many fields of information such as : serial number- used to identify the certificate, signature algorithm, public key, thumbprint algorithm ( the algorithm used to hash the certificate), Thumbprint: the hash itself to make sure that the certificate contents have not been changed. Let’s take a step back and understand how a public certificate becomes signed; an unsigned certificate contains a user ID and the users public key; a hash code is first generated of the unsigned certificate and then the hash code is encrypted using the CA’s private to create a certificate signature. At this point, any recipient who receives the certificate can verify it by checking it the certificate using the CA’s public key which are downloaded to most browsers. The X.509 is an important standard because it is recommended by the ITU-T because the certificate is used in many arenas, not only for SSL transactions. X.509 recommends RSA as the recommended algorithm and assumes that some sort of a hash function is used as the digital signature scheme.
SSL was designed to create a reliable end-to-end secure service for TCP. SSL provides security for higher protocols, like HTTP which is the service that communicates between the web server and the user. SSL connection and session are two important concepts; a connection is essentially a transport that provides the type of service–in this case they are peer-to-peer connections. Each connection is associates with a session which is an association between the client and the server initiated by the Handshake Protocol. The SSL session determines which type of encryption will be used within a connection. One of the parameters in the session is a peer certificate–an X509.v3 to be an exact.
Businesses with web servers should be encouraged to use http over SSL because it safeguards both client and server data. Any externally accessible resource on the network should be protected by a public certificate.