Using digital certificates allows you to enhance security
for your systems and network. You can use certificates in two primary
ways:
Passwords provide user authentication, but unlike certificates, passwords
do not address such issues as privacy and data integrity. The following
are additional ways in which certificates are superior to passwords:
- Different users can share the same password, jeopardizing the security of
your network. Since certificates contain information about a particular
individual, they are less likely to be shared. Sharing is also
logistically more difficult because certificates and their associated private
keys are typically stored on a hard drive or smart card.
- A certificate also has an associated private key that is never sent with
the certificate for identification. Instead, the system uses this key
during the encryption and the decryption processes.
- Many systems require passwords that are 8 characters or shorter in
length. The cryptographic keys that are associated with certificates
are hundreds of characters long. This length, along with their random
nature, makes cryptographic keys much harder to guess than passwords.
- There is always the possibility that an individual might forget his or her
password.
- Digital certificate keys are based upon cryptographic techniques.
This allows for the following potential uses that passwords cannot
provide:
  - Assuring data integrity by detecting changes to data.
  - Proving that a particular action was indeed performed. This is
  called non-repudiation.
  - Securing communications by using the Secure Sockets Layer to encrypt
  communication sessions. This allows you to send data privately to
  others over a public network.
If you decide to start using certificates, you must decide what type of
Certificate Authority you want to use to issue your certificates. You
can use Internet certificates or create your own Certificate Authority to
issue certificates, or use a combination of the two types.
Once you decide to use certificates, you will need to decide whether to use Internet certificates or
create your own.