Know and understand digital certificates, including their purpose and contents

Cambridge IGCSE ICT 0417 – Safety and Security: Digital Certificates

Objective

Know and understand digital certificates, including their purpose and the information they contain.

What is a Digital Certificate?

A digital certificate is an electronic document that binds a public key to the identity of an individual, organisation, or device. It is issued by a trusted third party called a Certificate Authority (CA) and is used in many security protocols, such as SSL/TLS, S/MIME and code signing.

Purpose of a Digital Certificate

  • Authentication – Verifies the identity of the certificate holder.
  • Encryption – Provides a public key that can be used to encrypt data sent to the holder.
  • Integrity – Ensures that data has not been altered in transit.
  • Non‑repudiation – The holder cannot deny having signed a message or transaction.

Key Components of a Digital Certificate

The following fields are typically found in an X.509 digital certificate.

| Field | Description |
|---|---|
| Version | Indicates the X.509 version (usually v3). |
| Serial Number | Unique identifier assigned by the issuing CA. |
| Signature Algorithm | Algorithm used by the CA to sign the certificate (e.g., SHA‑256 with RSA). |
| Issuer | Name of the Certificate Authority that issued the certificate. |
| Validity Period | Start and end dates between which the certificate is considered valid. |
| Subject | Identity of the certificate holder (person, organisation, device). |
| Subject Public Key Info | The public key and the algorithm associated with the holder. |
| Extensions (optional) | Additional information such as key usage, alternative names, or certificate policies. |
| Digital Signature | Encrypted hash of the certificate data, created with the CA’s private key. |

How a Digital Certificate Works (Simplified)

  1. A user or server generates a public‑private key pair.
  2. The public key and identity details are sent to a CA in a Certificate Signing Request (CSR).
  3. The CA verifies the identity, creates the certificate, and signs it with its private key.
  4. The certificate is delivered to the requester and can be presented to others.
  5. When a client receives the certificate, it checks:
    1. That the CA’s signature is valid (using the CA’s public key).
    2. That the certificate is within its validity period.
    3. That the certificate has not been revoked (via CRL or OCSP).
  6. If the checks pass, the client trusts the public key and can establish a secure connection.
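
The flow in steps 1 to 6, as an added example that is not part of the original notes: a small Python model in which a CA signs the certificate fields and a client runs the three checks from step 5. It assumes a toy textbook-RSA CA key, a dictionary in place of real X.509 encoding, and constructed names (Example CA, www.example.test, serial 1001); the key is for illustration and is not secure.

```python
import hashlib
from datetime import datetime, timezone

# Toy CA key pair: textbook RSA built from two Mersenne primes.
# Assumption for illustration only; real CAs use padded RSA or ECDSA.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
CA_N = P * Q                              # CA public modulus
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent

def digest(fields):
    """Hash every certificate field except the signature itself."""
    data = "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

def ca_issue(subject, public_key, serial, not_before, not_after):
    """Step 3: the CA creates the certificate and signs it with its private key."""
    fields = {"issuer": "Example CA", "subject": subject, "serial": serial,
              "public_key": public_key,
              "not_before": not_before, "not_after": not_after}
    return {"fields": fields, "signature": pow(digest(fields), CA_D, CA_N)}

def client_check(cert, now, revoked_serials):
    """Step 5: signature, validity period, then revocation."""
    f = cert["fields"]
    if pow(cert["signature"], E, CA_N) != digest(f):
        return "invalid signature"
    if not f["not_before"] <= now <= f["not_after"]:
        return "outside validity period"
    if f["serial"] in revoked_serials:
        return "revoked"
    return "trusted"

# Constructed sample data (not from a real certificate).
UTC = timezone.utc
CERT = ca_issue("www.example.test", "holder-public-key-placeholder", 1001,
                datetime(2024, 1, 1, tzinfo=UTC), datetime(2025, 1, 1, tzinfo=UTC))
ALTERED = {"fields": {**CERT["fields"], "subject": "other.example.test"},
           "signature": CERT["signature"]}

if __name__ == "__main__":
    mid_2024 = datetime(2024, 6, 1, tzinfo=UTC)
    print(client_check(CERT, mid_2024, set()))
    print(client_check(ALTERED, mid_2024, set()))
    print(client_check(CERT, datetime(2025, 6, 1, tzinfo=UTC), set()))
    print(client_check(CERT, mid_2024, {1001}))
```

Changing any field after issue, as in ALTERED, makes the signature check fail because the hash no longer matches the value the CA signed.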

Why Digital Certificates Matter in ICT

  • They enable secure web browsing (HTTPS).
  • They protect email confidentiality and authenticity (S/MIME).
  • They allow secure remote access (VPNs, SSH).
  • They support trusted software distribution (code signing).

Suggested Diagram

Suggested diagram: Flow of a digital certificate from key generation, through CA signing, to client verification.

Summary

Digital certificates are essential tools for establishing trust on the internet. By binding a public key to a verified identity, they enable authentication, encryption, integrity, and non‑repudiation. Understanding the purpose and contents of a certificate helps ICT learners recognise how secure communications are achieved and why proper certificate management is a cornerstone of digital safety and security.