Digital Certificate Policy
Originally Published: Jan 2015
A digital certificate is a sort of signature, a fingerprint that identifies a server or website, for instance, so that visitors who connect can verify that the target is who it claims to be and not a fraudulent or malicious site posing as a legitimate business. Whether visitors are shopping, working or exchanging confidential information, a digital certificate protects them and their data.
Digital certificates depend on trust. They are issued by certification authorities, which are entities that assure the user that the certificates they provide are valid and reliable. A certification authority can be either a public organization such as Comodo, Entrust or Verisign (which charge a fee to issue certificates) or a private system built and operated in-house to provide self-signed certificates without a fee. In either case the user's client application (often a web browser) must trust the certification authority, whose own certificate needs to be installed before it can present other certificates to users.
The purpose of this Digital Certificate Policy is to provide guidelines for the appropriate procurement, usage and renewal of digital certificates. It can be downloaded and used as written, or can serve as a template for your organization's own policy.