Anyone who uses the Internet, belongs to a LAN, or works for a conglomerate and is part of a WAN has probably seen certificates and untrusted certificates. In particular, you might see the latter when trying to reach a specific website. If the website's certificate has been identified as revoked, a message might pop up saying so, along with a question about what you want to do next.
The primary purpose of certificates is to provide an easy, legitimate way to verify or authenticate something or someone. Electronic certificates can be used to verify the identity of individuals, documents, messages, websites, or devices. They can also be used to authenticate services of some type. In addition, certificates can be used to encrypt files to maintain their authenticity.
Generally, certificates exist without our noticing them. This is because valid certificates slip by without our ever seeing them. However, untrusted certificates will make an appearance via a warning that suggests that a specific certificate is not valid or that it is expired.
Untrusted certificates are generally certificates that have not been identified as valid or authenticated by the certification authority. In most cases, these certificates will end up in the untrusted certificate folder on your computer. In some cases, an untrusted certificate is one that the certification authority has already revoked.
How does a certificate get revoked? If, for some reason, the certification authority cannot verify the identification information that was provided to obtain the certificate, its validity becomes questionable. If the information attached to a certificate is not exactly as it was when the certificate was obtained, that raises a red flag about its validity. If this happens, the certificate is revoked. Once a certificate is revoked, it is sent to the Untrusted Certificate folder. Once this happens, the certificate can never be used again.
A certification authority is an organization that is set up to issue certificates. In order to do so, the certification authority verifies the identity of the individual asking for a certificate as well as the organization that the individual claims to be employed by. More than one certification authority exists. These organizations are responsible for establishing as well as verifying the authenticity of any public keys. The public keys that they verify can belong to other certification authorities or to individuals.
Technically, we are placing our trust in the certification authority to properly authenticate certificates. Both public and private networks rely on certificates to communicate sensitive information with a sense of security. Along with sensitive data comes a need to verify that the sender of the information is legitimate, and that is where certificates and certification authorities come into play. The use of certificates makes it more difficult for people to impersonate someone, even through the anonymity of the Internet.
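The checks described above (is the certificate expired, has its certification authority revoked it, and does it lead back to an authority we trust) can be shown in Python; this is an added example, not part of the original article. The certificate record, names, serials and dates are constructed, and it assumes issuer names alone link the chain, leaving out the signature verification a real client also performs.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:              # simplified stand-in for an X.509 certificate
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

def evaluate(leaf, known, trusted_roots, revoked, now):
    """Walk issuer links from leaf toward a trusted root; return (verdict, reason).
    Signature verification, which a real client also performs, is omitted."""
    cert, seen = leaf, set()
    while True:
        if not (cert.not_before <= now <= cert.not_after):
            return "untrusted", f"{cert.subject}: expired or not yet valid"
        if cert.serial in revoked.get(cert.issuer, set()):
            return "untrusted", f"{cert.subject}: revoked by {cert.issuer}"
        if cert.issuer == cert.subject and cert.subject in trusted_roots:
            return "trusted", f"chains to {cert.subject}"
        if cert.subject in seen or cert.issuer not in known:
            return "untrusted", f"{cert.subject}: issuer is not a trusted authority"
        seen.add(cert.subject)
        cert = known[cert.issuer]   # move one step up the chain

def d(year):  # helper for the constructed dates below
    return datetime(year, 1, 1, tzinfo=timezone.utc)

# Constructed sample data (names, serials and dates are invented).
ROOT = Cert("Example Root CA", "Example Root CA", 1, d(2015), d(2035))
ISSUING = Cert("Example Issuing CA", "Example Root CA", 2, d(2020), d(2030))
KNOWN = {c.subject: c for c in (ROOT, ISSUING)}
TRUSTED_ROOTS = {"Example Root CA"}
REVOKED = {"Example Issuing CA": {1003}}   # serials the issuing CA has revoked
NOW = d(2024)

SAMPLES = {
    "good": Cert("www.example.test", "Example Issuing CA", 1001, d(2023), d(2025)),
    "expired": Cert("old.example.test", "Example Issuing CA", 1002, d(2021), d(2022)),
    "revoked": Cert("shop.example.test", "Example Issuing CA", 1003, d(2023), d(2025)),
    "self_signed": Cert("lab.example.test", "lab.example.test", 7, d(2023), d(2025)),
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(label, *evaluate(cert, KNOWN, TRUSTED_ROOTS, REVOKED, NOW))
```

Only the first sample is accepted; the other three are each rejected for a different reason, which is the distinction a browser warning is reporting.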