Digital Certificate
A Digital Certificate is a digitally signed document that binds a public key to an identity (user, server, or device). It is issued by a Certificate Authority and serves as proof that the holder of the corresponding private key is the entity listed in the certificate.
# WHAT TEAMS RUN INTO
- —
Certificates are often self-signed or issued by untrusted authorities. Users and applications need to validate that a certificate is signed by a trusted Certificate Authority, but many implementations skip this validation.
- —
Certificate chains can be complex and confusing. A certificate might be signed by an intermediate authority, which is signed by a root authority, which must be in the system's trusted store. Any link in the chain can break or be compromised.
- —
Certificate pinning breaks when certificates rotate. Applications can pin certificates to prevent man-in-the-middle attacks, but when certificates rotate, pinned applications break until they are updated.
# WHY IT MATTERS
Digital Certificates are how HTTPS and encrypted communication work. Without certificates, every website could be impersonated. With certificates, websites prove their identity through a chain of trust. But the chain of trust is only as strong as the Certificate Authorities in it — if a CA is compromised, any website can be impersonated.