What are digital certificates and how do they work?

· Category: Cybersecurity

Short answer

A digital certificate is an electronic document that binds a public key to an identity. Issued and signed by a trusted Certificate Authority (CA), it enables encrypted communication and lets a client verify that the server it is talking to is the one it claims to be.

How it works

The certificate contains the subject's identity, public key, issuer information, validity dates, and usage constraints. The Certificate Authority signs the certificate with its private key. Clients verify this signature against a built-in list of trusted root certificates.

During a TLS handshake, the server presents its certificate. The client validates the chain of trust back to a trusted root, checks that the current time falls within the validity dates, and confirms that the name in the certificate matches the domain it requested.

Example

When you visit a bank's website, the browser checks that the certificate is issued by a trusted CA, has not expired, and matches the domain name. Any discrepancy triggers a security warning.
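The three client-side checks described under "How it works" and in the bank example above, carried out with Go's standard-library x509 verifier. This is an added example, not code from the original page: it constructs a throwaway root CA and a server certificate in memory (the CA names "Demo Root CA" and "Unknown Root CA" and the hostname www.example.com are assumptions), then runs the same certificate through a valid check, a check 120 days in the future, a check against a different hostname, and a check of a certificate issued by a CA that is not in the client's trust store.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// demoPKI holds a constructed root CA and one server certificate issued by it.
// Everything is generated in memory; CA name and hostname are assumptions.
type demoPKI struct {
	leafCert *x509.Certificate
	rootPool *x509.CertPool // the "built-in list of trusted roots" a client holds
}

// newDemoPKI builds a self-signed root CA and signs a 90-day server certificate for host.
func newDemoPKI(caName, host string, now time.Time) (*demoPKI, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true, // usage constraint: this key may sign other certificates
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Self-signed: template and parent are the same certificate, signed with its own key.
	rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	rootCert, err := x509.ParseCertificate(rootDER)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // the name a client compares against the requested domain
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The CA binds the server's public key to its identity by signing with the CA's private key.
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, rootCert, &leafKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	leafCert, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(rootCert)
	return &demoPKI{leafCert: leafCert, rootPool: pool}, nil
}

// verifyServerCert performs the client-side checks: the signature chains to a
// trusted root, the certificate is within its validity window at time now, and
// it is valid for the requested hostname.
func verifyServerCert(cert *x509.Certificate, roots *x509.CertPool, host string, now time.Time) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		DNSName:     host,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// classify maps the verifier's error types to the kind of warning a browser would show.
func classify(err error) string {
	var unknown x509.UnknownAuthorityError
	var invalid x509.CertificateInvalidError
	var hostname x509.HostnameError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &unknown):
		return "untrusted issuer"
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "expired"
	case errors.As(err, &hostname):
		return "hostname mismatch"
	}
	return "other: " + err.Error()
}

func main() {
	now := time.Now()
	trusted, _ := newDemoPKI("Demo Root CA", "www.example.com", now)
	unknown, _ := newDemoPKI("Unknown Root CA", "www.example.com", now)
	later := now.Add(120 * 24 * time.Hour)
	fmt.Println("valid chain:     ", classify(verifyServerCert(trusted.leafCert, trusted.rootPool, "www.example.com", now)))
	fmt.Println("120 days later:  ", classify(verifyServerCert(trusted.leafCert, trusted.rootPool, "www.example.com", later)))
	fmt.Println("wrong hostname:  ", classify(verifyServerCert(trusted.leafCert, trusted.rootPool, "login.example.net", now)))
	fmt.Println("untrusted issuer:", classify(verifyServerCert(unknown.leafCert, trusted.rootPool, "www.example.com", now)))
}
```

The fourth case is the one that matters most for the page's "why it matters" point: the certificate from "Unknown Root CA" is structurally perfect and names the right host, but its signature does not chain to anything in the client's root pool, so the verifier rejects it just as a browser would. Note that `CurrentTime` is passed explicitly rather than read from the clock inside the check, which is what makes the expiry behaviour testable without waiting 90 days.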

Why it matters

Certificates defend against man-in-the-middle attacks by letting clients confirm they are communicating with the genuine server rather than an impostor presenting a key of its own. They are foundational to HTTPS, code signing, and email encryption.