How Digital Certificates Work


Digital certificates are based on public/private key technology. Each key is like a unique encryption device: no two keys are ever identical, which is why a key can be used to identify its owner. Keys always work in pairs, one called the private key and the other called the public key. What a public key encrypts, only the corresponding private key can decrypt, and vice versa. Public keys are distributed freely to anyone who wants to exchange secure information with you. Your private key is never copied or distributed and remains secure on your computer or server.

Digital certificates automate the process of distributing public keys and exchanging secure information. When you install a digital certificate on your computer or web server, your computer or web site now has its own private key. Its matching public key is freely available as part of your digital certificate on your computer or web site.

When another computer wants to exchange information with your computer, it accesses your digital certificate, which contains your public key. The other computer uses your public key to validate your identity and to encrypt the information it wants to share with you using TLS (Transport Layer Security). Only your private key can decrypt this information, so it remains protected from interception or unauthorized change while traveling across the Internet.