Your organization can use any or all of these certificates, depending on the nature of its business.
Certificate authority certificate
The certificate authority certificate is used by organizations such as VeriSign to sign other certificates.
The server certificate is used on Web servers to identify the Web server and the company running it, and to allow for encrypted SSL sessions between the server and browsers. Server certificates are also necessary for a server to participate in SETs. You will create, install, and test server certificates in the upcoming exercises.
The personal certificate is issued to individuals to allow them to be authenticated and to engage in S/MIME, SSL, and SET.
Secure MIME (S/MIME): A specification for secure electronic mail. S/MIME was designed to add security to email messages in MIME format. The security services offered are authentication (using digital signatures) and privacy (using encryption). S/MIME assumes that both the sender and receiver of secure email messages have public/private key pairs and uses the concept of a digital envelope.
Secure Sockets Layer (SSL): An encryption method enabled by digital certificates.
Secure Electronic Transaction (SET): A method of information exchange that allows businesses and clients an extra level of protection while conducting business.
Software publisher certificate
Application developers use these certificates to sign and identify their released code so customers can identify the author.
Software Publisher Certificates and code safety
Just because a software developer has signed a program does not necessarily mean that the code is safe. In regard to applications, proper signing assigns responsibility. Several years ago, a private software developer created an ActiveX control called Internet Exploder, then got it signed by VeriSign. This control was malicious and erased hard drives. This incident did not violate VeriSign's claim for authentication, however. This is because the control did in fact belong to the creator. The certificate was completely accurate. Remember, authenticating identity is not the same thing as verifying whether code is malicious or not.
The certificate may also indicate the applications that it supports. A certificate issuer, called a certification authority (CA), can specify the supported applications or specify the expected cryptographic operations. For example, the certificate could specify virtual private network (VPN) key management. Alternatively, the certificate issuer might specify that the public key should be used for validating digital signatures.
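As an added example (not part of the original lesson), the code below decodes the DER values of the X.509 keyUsage and extendedKeyUsage extensions, where a CA records the permitted cryptographic operations and applications, and checks them against the certificate types described in this lesson. The sample bytes are constructed, and the `REQUIRED` policy table and all function names are assumptions of this example.

```python
# Added example, not from the lesson. DER sample values are constructed.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]
ID_KP = bytes.fromhex("2b060105050703")   # DER content of 1.3.6.1.5.5.7.3
EKU_NAMES = {1: "serverAuth", 2: "clientAuth", 3: "codeSigning", 4: "emailProtection"}
# Assumed strict policy: purpose -> (required keyUsage bit, required EKU or None).
REQUIRED = {"sign certificates": ("keyCertSign", None),
            "SSL server": ("digitalSignature", "serverAuth"),
            "code signing": ("digitalSignature", "codeSigning"),
            "S/MIME": ("digitalSignature", "emailProtection")}

def read_tlv(buf, pos, tag):
    """Read one short-form DER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag or buf[pos + 1] & 0x80:
        raise ValueError("unexpected tag or unsupported length form")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos + 2:end], end

def decode_key_usage(der):
    """keyUsage is a BIT STRING; bit 0 is the most significant bit."""
    body, _ = read_tlv(der, 0, 0x03)
    if not body:
        raise ValueError("empty BIT STRING")
    total = (len(body) - 1) * 8 - body[0]      # body[0] = unused bit count
    return [name for i, name in enumerate(KEY_USAGE_BITS)
            if i < total and body[1 + i // 8] & (0x80 >> (i % 8))]

def decode_eku(der):
    """extendedKeyUsage is a SEQUENCE OF OBJECT IDENTIFIER."""
    seq, _ = read_tlv(der, 0, 0x30)
    pos, names = 0, []
    while pos < len(seq):
        raw, pos = read_tlv(seq, pos, 0x06)
        known = raw[:-1] == ID_KP and raw[-1] in EKU_NAMES
        names.append(EKU_NAMES[raw[-1]] if known else raw.hex())
    return names

def permits(purpose, key_usage, eku):
    """True only if the decoded extensions allow the requested purpose."""
    need_ku, need_eku = REQUIRED[purpose]
    return need_ku in key_usage and (need_eku is None or need_eku in eku)

SERVER_KU = bytes.fromhex("030205a0")      # digitalSignature + keyEncipherment
SERVER_EKU = bytes.fromhex("301406082b0601050507030106082b06010505070302")
CA_KU = bytes.fromhex("03020106")          # keyCertSign + cRLSign
```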
In the next lesson, you will learn about public and private CAs.