Different uses for Certificates – Part 1

Now that we all know what Certificates are and how they work, let’s talk about the different uses of Certificates.
One of the most common uses of Certificates is to sign a website.
Many websites today make sure that they are signed with a Certificate.
Why? Two main reasons:
1. A website that is signed by a Certificate automatically encrypts all the data transmitted to and from the website.
2. A website that is signed by a Certificate is easily identified by other people as the website they are looking for, and not some other fraudulent website.
I’ll give you an example to make things easier.
Let’s say, for instance, you are surfing the web and you stumble upon a website that is posing as your own Bank’s website, where you keep all your money.
You are interested in viewing your Bank Account, to see how much money you have there, and to pay some bills using the web.
You put in your user name, your Personal ID, your password – and Poof!
You get a blank page with an error saying the website is currently down.
Is it? No! The Bank website is actually up and running; only you have logged in to a fraudulent website, and you have just handed over all the information a thief needs to go to the actual Bank website, log in to your account and steal money from you!
Well, ladies and gentlemen, this is not some mystic story or a fantasy; it actually happened to a certain bank I know, that I’m going to disclose.
But the real issue here – how can you avoid this in the future?
Well, now we get back to the Certificate.
Remember I said that Certificates are used to sign websites? Well, by law, all the major banks in the world sign their websites with Certificates issued to them by very big and well-known issuers like VeriSign, etc.
Before a bank can get a Certificate, the issuer inspects the website to make sure that it has no backdoors or “badly built” quality.
Only then does the bank get the Certificate (which costs it pretty much a year’s payment!).
The important thing is that almost every computer in the world trusts those issuers by default.
If you are interested, you can view the issuers your computer trusts by opening the Certificates Management Console – simply press Start -> Run, type in “MMC” and the Microsoft Management Console opens up. There you press “Control+M”, choose Certificates, mark “Computer Account” and choose your “Local Computer” (long instruction, short way).
Now you will see the Certificates Management Console. Here you can view things like personal Certificates issued to your computer (if there are any), and you can also go to “Trusted Root Certification Authorities”. Here you can view all the issuers that your computer trusts.
If you go to a website that was issued a Certificate by one of these issuers, your computer will immediately identify that website as a trustworthy website.
If the website you go to was issued a Certificate by someone not in that store, the browser (IE, FF, etc.) will display a warning to you, saying that the website has an unknown Certificate, issued by an unknown issuer.
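The same store can be read from PowerShell. The following is an added example, not code from the original post: it lists the trusted issuers, then runs the Windows chain check on one certificate taken from that store and on one self-signed certificate constructed in memory. The function name Test-CertTrust and the subject CN=constructed-example.invalid are made up for the illustration.

```powershell
# Added example (not from the original post). Read-only: nothing is written to any store.
function Test-CertTrust {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    try {
        # Skip online revocation lookups so the check also works offline.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($Certificate)
        [pscustomobject]@{
            Subject = $Certificate.Subject
            Issuer  = $Certificate.Issuer
            Trusted = $trusted
            Status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
    finally { $chain.Dispose() }
}

# 1. The issuers this computer trusts: the store behind "Trusted Root Certification Authorities".
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root
$roots | Sort-Object NotAfter |
    Select-Object Subject, NotAfter, Thumbprint |
    Format-Table -AutoSize

# 2. A certificate from that store that is inside its validity period.
$now = Get-Date
$knownRoot = $roots |
    Where-Object { $_.NotBefore -le $now -and $_.NotAfter -ge $now } |
    Select-Object -First 1

# 3. A self-signed certificate constructed in memory (made-up subject).
#    Its issuer is not in the store. Needs .NET Framework 4.7.2+ or PowerShell 7.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-example.invalid', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$unknown = $request.CreateSelfSigned(
    [DateTimeOffset]::UtcNow.AddMinutes(-5), [DateTimeOffset]::UtcNow.AddDays(1))

# Compare the two trust decisions; Status names the reason when Trusted is False.
$knownRoot, $unknown | ForEach-Object { Test-CertTrust -Certificate $_ } | Format-List
$rsa.Dispose()
```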
So now we know why people or organizations sign their websites.
But why do they encrypt the data transmitted to and from them?
Well, that is very simple – now that you are sure that the website you have surfed to belongs to your bank and not some fraudulent site, you are probably going to log in to view your bank account, right?
The way you log in is that you put in your details and send them over to the bank so it can identify you, right?
Wouldn’t you like to encrypt that data so that no one will be able to just pick up those bits and bytes that were sent from your computer to the website’s server?
And that is why the transmission is encrypted.
But if it’s encrypted by your computer, how does the website decrypt it? And if the server sends encrypted data to my computer, how do I decrypt it?
Well, to answer all these questions, read my previous posts on Encryption/Decryption and how RootCA works 🙂
In this post I explained how websites use Certificates to sign themselves and encrypt data.
In the following posts I will show you more implementations of Certificates.
