Digital certificate infrastructure functions and types

Karimova Iqbol Madaminovna,
Department of Information systems, senior teacher
* E-mail: karimovaiqbolatuit@gmail.com

Abstract—The aim of the study is to provide a more complete security solution that verifies the identity of all parties involved in the digital certificate infrastructure certificate transaction. We have tried to explain several sets of ciphers when loading SSL operations from the target server on the BIG-IP system network. We have tried to explain the functions of the certificate infrastructure.
Keywords— Digital certificates, identification, public key
Introduction
Digital certificates, similar to identification cards, are electronic credentials that are used to certify the online identities of individuals, and computers. Certificates are issued and certified by CAs. PKIX-compliant public key infrastructures support industry standart X.509 version 3 certificates.
Digital certificates function similarly to identification cards such as passports and drivers’ licenses. Identification cards are issued by recognized government authorities. When someone requests an identification card, a government authority verifies the identity of the requester, certifies that the requester meets all requirements to receive the card, and then issues the card. When an identification card such as a driver’s license is presented to others, they can verify the identify of its owner because the card provides the following security benefits:
It contains personal information to help identify and trace the owner.
It contains the photograph and the signature of the rightful owner to enable positive identification.
It contains the information that is required to identify and contact the issuing authority.
It is designed to be tamper resistant and difficult to counterfeit.
It is issued by an authority that can revoke the identification card at any time (for example, if the card is misused or stolen).
It can be checked for revocation by contacting the issuing authority.
A certificate contains information that identifies the certificate’s owner (called the subject) as an entity on the network. A certificate also contains the owner’s public key. Furthermore, a certificate identifies the CA (called the issuer) that issued the certificate. A CA uses its private key to digitally sign each certificate it issues. To create the digital signature, the CA generates a message digest from the certificate, encrypts the digets with its private key, and includes the digital signature as part of the certificate. Anyone can use the message digest function and the CA’s public key to verify the certificate’s integrity. If a certificate becomes corrupted or someone tampers with it, the message digest for the altered certificate does not match the digest in the CA’s digital signature.

1. 
   Figure 1shows how a certificate is signed by the issuing CA [1].
   

Figure 1. Digital Signature for a Certificate

Digital Certificates can be used for a variety of electronic transactions including e-mail, electronic commerce, groupware and electronic funds transfers. Netscape’s popular Enterprise Server requires a Digital Certificate for each secure server.
For example, a customer shopping at an electronic mall run by Netscape’s server software requests the Digital Certificate of the server to authenticate the identity of the mall operator and the content provided by the merchant. Without authenticating the server, the shopper should not trust the operator or merchant with sensitive information like a credit card number. The Digital Certificate is instrumental in establishing a secure channel for communicating any sensitive information back to the mall operator Virtual malls, electronic banking, another electronic services are becoming more commonplace, offering the convenience and flexibility of round-the-clock service direct from your home. However, your concerns about privacy and security might be preventing you from taking advantage of this new medium for your personal business. Encryption alone is not enough, as it provides no proof of the identity of the sender of the encrypted information. Without special safeguards, you risk being impersonated online. Digital Certificates address this problem, providing an electronic means of verifying someone’s identity. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction. Similarly, a secure server must have its own Digital Certificates to assure users that the server is run by the organization it claims to be affiliated with and that the content provided is legitimate.
The BIG-IP system uses digital certificates with the SSL/TLS protocol to grant authentication to clients on the external network that are generally untrusted. In high-security environments, the BIG-IP system can also use certificates to communicate securely with other systems on the internal network, such as web servers and other BIG-IP systems.
The BIG-IP system can sign a digital certificate in either of two ways:
By generating and submitting, a request to a third party trusted certificate authority (CA).
By creating a self-signed certificate. Self-signed certificates are typically used for testing purposes.
Once a certificate is installed or created on the BIG-IP system, other BIG-IP administrative users can specify those certificates in BIG-IP SSL profiles to manage SSL application traffic. Moreover, the BIG-IP system uses digital certificates to establish device trust in device service clustering (DSC) configurations.