But when people started using the internet for businesses and sharing sensitive information such as payment card numbers, healthcare data, bank information, personally identifiable information, tax data, etc., the need for protecting such data became more urgent. That’s where a PKI certificate became the need of the moment. <\/p>\n\n\n\n
In this article, we will explore what is a PKI certificate and, more importantly, why should you use it and how to get a PKI certificate. <\/p>\n\n\n\n
What Is a PKI Certificate?<\/h2>\n\n\n\n![\"Graphic](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/pki-certificate-ssl-tls-1024x683.jpg\")
<\/figure>\n<\/div>\n\n\nFrom a high-level perspective, PKI certificates are types of\ndata files that convey specific information about their individual certificate\nrequesters and are used to negotiate encryption parameters. In general, they\nuse mathematical formulas to: <\/p>\n\n\n\n
\n- validate the identity of servers, browsers, websites, email clients, software developers, and publishers;<\/li>\n\n\n\n
- encrypt and decrypt data at rest (such as emails and files sitting on servers); <\/li>\n\n\n\n
- secure the transmission of data in transit via the internet (including ecommerce transactions);<\/li>\n\n\n\n
- attach digital signatures to software, documents, and emails. <\/li>\n<\/ul>\n\n\n\n
Types of PKI Certificates<\/h2>\n\n\n\n
The popular PKI certificates are as follows. <\/p>\n\n\n\n
SSL\/TLS Certificates<\/h3>\n\n\n\n
SSL\/TLS certificates<\/a> are useful for securing data transmission between a website\u2019s server and users\u2019 browsers. Website owner buys and installs SSL certs on the server where the website is hosted. These certificates vary in terms of:<\/p>\n\n\n\n\n- validation \u2014 domain validation (DV)<\/a>, organization validation (OV)<\/a>, and extended validation (EV)<\/a><\/li>\n\n\n\n
- functionality (what they cover or secure) \u2014 single domains, multi domains<\/a>, single-level subdomains<\/a> (wildcards), and multiple sites and subdomains<\/a> (multi domain wildcards).<\/li>\n<\/ul>\n\n\n\n
Personal Authentication Certificates<\/h3>\n\n\n\n
Personal authentication certificates, also known as email signing certificates<\/a> and S\/MIME certificates, are useful for securing email communications by inserting digital signatures and using hashing functionality. They also can be used for the client (i.e. recipient) authentication.<\/p>\n\n\n\nCode Signing Certificates<\/h3>\n\n\n\n
Code signing certificates<\/a> are perfect for protecting downloadable software, drivers, and executables. Software developers and publishers use them. These certificates are available in organizational (OV) or individual validation (IV) format, as well as extended validation and help software developers avoid the security warnings.<\/p>\n\n\n\nDocument Signing Certificates<\/h3>\n\n\n\n
Document signing certificates<\/a> are useful for securing documents shared over the internet by inserting digital signatures and using hashing functionality.<\/p>\n\n\n\nWe\u2019ll talk more later about each of these types of\ncertificates and their individual uses. In the meantime, let\u2019s understand where\nPKI certificate keys come into play. <\/p>\n\n\n\n
What Is Public Key Infrastructure?<\/h3>\n\n\n\n
Public key infrastructure<\/a> is the set of technologies, policies, frameworks, procedures, that encompasses and supports public key encryption and authentication. PKI was developed<\/a> by a British intelligence agency named Government Communications Headquarters (GCHQ) back in the 1960s. <\/p>\n\n\n\nA PKI certificate involves the use of mathematically related key pairs, known as the public key and private key<\/strong>, which are generated and assigned to verify the identities of the endpoints. These keys are also used for encrypting and decrypting the data.<\/p>\n\n\n\nTo read more on PKI basics<\/a>, be sure to check out our related article o the topic.<\/p>\n\n\n\nHow to Get a PKI Certificate <\/h2>\n\n\n\n
Before deciding how to get a PKI certificate (whether you wish to purchase one from a CA, reseller, or web hosting provider), you should be aware of which PKI certificate you require for your platform. Here, we have listed the most common types of PKI certificates, how they are used, and where you can buy them:<\/p>\n\n\n\n
1. SSL\/TLS Certificates<\/h3>\n\n\n\n
SSL\/TLS certificates, which are\nalso known as HTTPS certificates (and are most frequently referred to when\ntalking about PKI certificates), are used by website owners to secure the\ncommunication between a website (server) and the client (browser). They facilitate\nidentity assurance and encryption using PKI technology. <\/p>\n\n\n\n
How Do SSL\/TLS Certificates Work?<\/h4>\n\n\n\n\n- When you apply for an SSL certificate and complete the verification procedure<\/a>, the PKI certificate authority issues an SSL\/TLS certificate to the hostname (website\u2019s domain name or IP address), attaches the public key to it, and signs the certificate with its own root (or, more commonly, its intermediate root) certificate.\n
\n- When someone tries to open a website, the browser (client) verifies the PKI certificate authority\u2019s signature from its pre-installed root store.<\/li>\n\n\n\n
- The browser creates a session key and encrypts it using the public key of the website.<\/li>\n\n\n\n
- This encrypted session key reaches to the website\u2019s server. The server then decrypts it by using the website\u2019s private key.<\/li>\n\n\n\n
- Now, this session key is used for encrypting and decrypting data transmitted between browser and server for that entire session.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
How to Get a PKI SSL\/TLS Certificate: You can buy an authentic SSL\/TLS certificate from the top-notch PKI certificate authority Sectigo<\/a>. <\/p>\n\n\n\nPlease note that there are many types of SS\/TLS certificates available in the market. To understand which SSL\/TLS is best suitable for your website, please refer to our SSL\/TLS Types<\/a> page.<\/p>\n\n\n\n2. Code Signing Certificates\/Software Signing Certificate<\/h3>\n\n\n\n
These PKI certificates are used to secure downloadable software such as device drivers, applications, executables, and scripts. A code signing certificate<\/a> is purchased and used by software developers\/publishers. <\/p>\n\n\n\nHow Do Code Signing Certificates Work?<\/h4>\n\n\n\n\n- The CA will verify the identity of the applicant\nor the organization and before issuing a code signing certificate to any\nentity. <\/li>\n\n\n\n
- The CA attaches the public key to the code\nsigning certificate and signs the certificate. Its corresponding private key\nwill be safely stored with the software publisher.<\/li>\n\n\n\n
- After finishing a piece of software, the\nsoftware publisher will use their private key to insert a digital signature. No\none can copy, delete, or modify this digital signature. <\/li>\n\n\n\n
- Unlike an SSL certificate, the code signing\ncertificate doesn’t encrypt the code itself. Instead, it hashes the entire code\nalong with the digital signature. \n<\/li>\n\n\n\n
- When a user tries to download the software, their\nsystem checks the PKI certificate authority\u2019s signature. Then, it generates the\nhash value, which must match with the hash value received with the software. <\/li>\n\n\n\n
- The intact hash value shows that software is in\nthe same condition as it was last developed and signed by the software\ndeveloper. This communicates that it was not tampered with or altered while it\nis in transit. <\/li>\n<\/ul>\n\n\n\n
How to Get a PKI Code Signing Certificate: There are many PKI certificate authorities selling the code signing certificate. Among them, Sectigo sells the most affordable and reliable certificates. It is the only CA that sells code signing certificates for individual developers, too. You can check out the prices, features, types, and discounts on our product page<\/a>.<\/p>\n\n\n\n3. Email Signing Certificate<\/h3>\n\n\n\n
An email signing certificate, also known as a secure email\ncertificate<\/a> or S\/MIME certificate, is used to secure communication between\ntwo email clients. By encrypting the email data before it ever leaves your\nemail client, it secures your data while it\u2019s in transit and at rest. This\nPKI certificate enhances email security by enabling you to digitally sign your\nemails and encrypt them. It ensures the integrity of the email content,\nprovides prevention from eavesdropping and gives assurance about the sender\u2019s\nidentity.<\/p>\n\n\n\nHow Do Email Signing Certificates Work?<\/h4>\n\n\n\n\n- When you buy an email signing certificate, the\nCA will send an email titled “Please verify your application” with a\nunique set of instructions.<\/li>\n\n\n\n
- Once you complete the validation procedure, the\nCA will issue you an email signing certificate, which you need to install on\nyour email client. <\/li>\n\n\n\n
- Now, you can digitally sign all the outgoing\nemails using your private keys. The email signing certificate hashes the\ndigital signature and the rest of the email content and encrypts this hash\nvalue. <\/li>\n\n\n\n
- When the recipient receives the email, their\nemail client will generate another hash value. If an email or the digital\nsignature has tampered in the transit, the original email’s hash value will\nchange. And the recipient will get alert that the integrity of the email has\nbeen compromised in the transit. <\/li>\n\n\n\n
- To encrypt an email, you use you recipient\u2019s\npublic key and they use their corresponding private key to decrypt the message\nonce they receive it.<\/li>\n<\/ul>\n\n\n\n
How to Get a PKI\nEmail Singing Certificate: You can get one of the industry\u2019s leading email\nsigning certificates at a discounted rate from SectigoStore.com<\/a>.<\/p>\n\n\n\n4. Document Signing Certificate<\/h3>\n\n\n\n
The document signing certificate is a way to protect\nthe documents which are sent over insecure internet. In a nutshell, these\ncertificates validate a file creator\u2019s identity as well as the integrity of the\nfile itself.<\/p>\n\n\n\n
How Do Document Signing Certificates Work?<\/h4>\n\n\n\n\n- The PKI certificate authority follows a rigorous vetting process to verify the identity of the applicant (the person signing the document) and the organization itself. They make sure the person who is signing the document is the authorized representative of the company. <\/li>\n\n\n\n
- Once the verification procedure is done, the PKI CA mails a USB drive (a token) containing the document signing certificate and private key to your organization\u2019s physical address. <\/li>\n\n\n\n
- The user can attach their digital signature on the document using this private key. <\/li>\n\n\n\n
- The document signing certificate hashes the entire document along with the digital signature and encrypts the hash value. <\/li>\n\n\n\n
- When the recipient receives the encrypted document, another hash value is generated, which must be the same as the one that came along the document.<\/li>\n\n\n\n
- The intact hash value is proof that the document is in the same condition as it was sent-without any tempering. <\/li>\n\n\n\n
- The digital signature is made of 2048-bit RSA Key, which is impossible to forge. If someone tampers with it, the hash value changes, indicating its compromise. Thus, the digital signature assures the identity of the document signer. <\/li>\n<\/ul>\n\n\n\n
The Role of a PKI Certificate Authority Regarding PKI Certificates<\/h2>\n\n\n\n
The organizations that are trusted to issue the PKI certificate are sometimes called PKI certificate authorities or PKI CAs<\/strong>. Most commonly, though, they\u2019re just called certificate authorities or CAs. <\/p>\n\n\n\nOne of the major pillars of the PKI certificate is identity\nassurance. When you try to access some services on a website, the website\nverifies your identity by asking your passwords, one-time pins (OTPs), security\nquestions, etc. But how can your browser (client) authenticate the website? In\nother words, how can you make sure that the website you\u2019re trying to\ncommunicate with is who it claims to be, and that your information isn\u2019t being\nredirected to any other website\u2019s server? <\/p>\n\n\n\n
This is where a PKI certificate authority comes into the picture.\n<\/p>\n\n\n\n
The PKI certificate authority<\/a> serves as a third-party mediator who is trusted by both parties in a transaction. They\u2019re responsible for issuing (and revoking) PKI digital certificates and managing the public keys and credentials that are used for data encryption. A PKI CA verifies the identity of the certificate owner, binds the public key with the PKI certificate, and puts a digital signature on the certificate using its private key.<\/p>\n\n\n\nAll the PKI certificate authorities must follow the certificate format defined by X.509<\/a> standards. They also need to strictly abide by the validation, issuance, and revocation rules specified by the Certificate Authority\/Browser Forum (CA\/B Forum<\/a>).<\/p>\n\n\n\nThe most recognized and widely used PKI certificate\nauthorities include:<\/p>\n\n\n\n
\n- Sectigo (formerly Comodo CA)<\/li>\n\n\n\n
- DigiCert <\/li>\n\n\n\n
- GoDaddy<\/li>\n\n\n\n
- Entrust<\/li>\n<\/ul>\n\n\n\n
Where Cryptographic Keys Fit into the Equation<\/h3>\n\n\n\n
Each website, email client, or software publisher’s server\nhas its own unique set of cryptographic public and private keys. The public key\nis available to everyone and is used to encrypt the data. The private key, on\nthe other hand, is confidential and must be stored by the PKI certificate owner\nsafely on their server. By keeping the private key a secret, any data that\u2019s encrypted\nusing the public key can be decrypted by the corresponding private key. <\/p>\n\n\n\n
These keys are made of using different types of algorithms, such as Rivest-Shamir-Adleman (RSA<\/a>) or Elliptic Curve Cryptography (ECC). The strength of these keys varies from 1024 bits to 4096 bits. <\/p>\n\n\n\nThese certificates are an integral part of PKI.<\/p>\n\n\n\n
A Final Word on PKI Certificates<\/h2>\n\n\n\n
People have some strange misconceptions about cybersecurity, such as that small companies or start-ups are safe online, that government agencies and big companies always take high precautions to save their data, etc. However, real cybercrime statistics<\/a> reveal a totally opposite scenario \u2014 one in which, no matter how big or small your organization is, it\u2019s at risk. <\/p>\n\n\n\nBeing cybersecurity vigilant is a need that continues to\ngrow as cybercriminals get smarter and more creative with their attacks. PKI\ntechnology is the revolution in the world electronic communication. You must\ninstall an appropriate PKI certificate on your system to protect you and your\nusers from various types of cyber-attacks such as man-in-the-middle attacks,\nemail spoofing, phishing\nattacks<\/a>, distributed denial of service (DDoS\nattacks<\/a>), session hijacking, etc. Otherwise, a single cyber-attack is\nenough for an organization to lose its hard-earned reputation and millions of\ndollars in potential lawsuits and noncompliance penalties. <\/p>\n","protected":false},"excerpt":{"rendered":"PKI: Explore how these 4 popular PKI certificates secure your organization’s security posture in an insecure digital world To facilitate secure data transfer between two endpoints, public key infrastructure (PKI)…<\/p>\n","protected":false},"author":6,"featured_media":817,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[47,1],"tags":[54,53],"class_list":["post-813","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-security","category-web-security","tag-pki","tag-public-key-encryption","post-with-tags"],"yoast_head":"\n
PKI: What Is a PKI Certificate and How Do I Get One?<\/title>\n<meta name=\"description\" content=\"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PKI: What Is a PKI Certificate and How Do I Get One?\" \/>\n<meta property=\"og:description\" content=\"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/\" \/>\n<meta property=\"og:site_name\" content=\"InfoSec Insights\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-09T13:55:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-14T18:59:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Medha Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Medha Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\"},\"author\":{\"name\":\"Medha Mehta\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/41d095943b7798ade1bc3683c8822f15\"},\"headline\":\"What Is a PKI Certificate and How Do I Get One?\",\"datePublished\":\"2020-04-09T13:55:00+00:00\",\"dateModified\":\"2023-02-14T18:59:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\"},\"wordCount\":2284,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/bigstock-223372087.jpg\",\"keywords\":[\"pki\",\"public key encryption\"],\"articleSection\":[\"Email Security\",\"Web Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\",\"name\":\"PKI: What Is a PKI Certificate and How Do I Get One?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/bigstock-223372087.jpg\",\"datePublished\":\"2020-04-09T13:55:00+00:00\",\"dateModified\":\"2023-02-14T18:59:13+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/41d095943b7798ade1bc3683c8822f15\"},\"description\":\"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/bigstock-223372087.jpg\",\"contentUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/bigstock-223372087.jpg\",\"width\":1600,\"height\":1000,\"caption\":\"Graphic representing a variety of PKI certificate types\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is a PKI Certificate and How Do I Get One?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\",\"name\":\"InfoSec Insights\",\"description\":\"SectigoStore.com Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/41d095943b7798ade1bc3683c8822f15\",\"name\":\"Medha Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g\",\"caption\":\"Medha Mehta\"},\"description\":\"Medha is a regular contributor to InfoSec Insights. She's a tech enthusiast and writes about technology, website security, cryptography, cyber security, and data protection.\",\"sameAs\":[\"https:\\\/\\\/sectigostore.com\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PKI: What Is a PKI Certificate and How Do I Get One?","description":"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/","og_locale":"en_US","og_type":"article","og_title":"PKI: What Is a PKI Certificate and How Do I Get One?","og_description":"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.","og_url":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/","og_site_name":"InfoSec Insights","article_published_time":"2020-04-09T13:55:00+00:00","article_modified_time":"2023-02-14T18:59:13+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","type":"image\/jpeg"}],"author":"Medha Mehta","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Medha Mehta","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#article","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/"},"author":{"name":"Medha Mehta","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/41d095943b7798ade1bc3683c8822f15"},"headline":"What Is a PKI Certificate and How Do I Get One?","datePublished":"2020-04-09T13:55:00+00:00","dateModified":"2023-02-14T18:59:13+00:00","mainEntityOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/"},"wordCount":2284,"commentCount":0,"image":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","keywords":["pki","public key encryption"],"articleSection":["Email Security","Web Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/","url":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/","name":"PKI: What Is a PKI Certificate and How Do I Get One?","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#primaryimage"},"image":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","datePublished":"2020-04-09T13:55:00+00:00","dateModified":"2023-02-14T18:59:13+00:00","author":{"@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/41d095943b7798ade1bc3683c8822f15"},"description":"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.","breadcrumb":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#primaryimage","url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","contentUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","width":1600,"height":1000,"caption":"Graphic representing a variety of PKI certificate types"},{"@type":"BreadcrumbList","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sectigostore.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What Is a PKI Certificate and How Do I Get One?"}]},{"@type":"WebSite","@id":"https:\/\/sectigostore.com\/blog\/#website","url":"https:\/\/sectigostore.com\/blog\/","name":"InfoSec Insights","description":"SectigoStore.com Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sectigostore.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/41d095943b7798ade1bc3683c8822f15","name":"Medha Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g","caption":"Medha Mehta"},"description":"Medha is a regular contributor to InfoSec Insights. She's a tech enthusiast and writes about technology, website security, cryptography, cyber security, and data protection.","sameAs":["https:\/\/sectigostore.com\/"]}]}},"_links":{"self":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/comments?post=813"}],"version-history":[{"count":0,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/813\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media\/817"}],"wp:attachment":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media?parent=813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/categories?post=813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/tags?post=813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/figure>\n<\/div>\n\n\nFrom a high-level perspective, PKI certificates are types of\ndata files that convey specific information about their individual certificate\nrequesters and are used to negotiate encryption parameters. In general, they\nuse mathematical formulas to: <\/p>\n\n\n\n
- \n
- validate the identity of servers, browsers, websites, email clients, software developers, and publishers;<\/li>\n\n\n\n
- encrypt and decrypt data at rest (such as emails and files sitting on servers); <\/li>\n\n\n\n
- secure the transmission of data in transit via the internet (including ecommerce transactions);<\/li>\n\n\n\n
- attach digital signatures to software, documents, and emails. <\/li>\n<\/ul>\n\n\n\n
Types of PKI Certificates<\/h2>\n\n\n\n
The popular PKI certificates are as follows. <\/p>\n\n\n\n
SSL\/TLS Certificates<\/h3>\n\n\n\n
SSL\/TLS certificates<\/a> are useful for securing data transmission between a website\u2019s server and users\u2019 browsers. Website owner buys and installs SSL certs on the server where the website is hosted. These certificates vary in terms of:<\/p>\n\n\n\n
- \n
- validation \u2014 domain validation (DV)<\/a>, organization validation (OV)<\/a>, and extended validation (EV)<\/a><\/li>\n\n\n\n
- functionality (what they cover or secure) \u2014 single domains, multi domains<\/a>, single-level subdomains<\/a> (wildcards), and multiple sites and subdomains<\/a> (multi domain wildcards).<\/li>\n<\/ul>\n\n\n\n
Personal Authentication Certificates<\/h3>\n\n\n\n
Personal authentication certificates, also known as email signing certificates<\/a> and S\/MIME certificates, are useful for securing email communications by inserting digital signatures and using hashing functionality. They also can be used for the client (i.e. recipient) authentication.<\/p>\n\n\n\n
Code Signing Certificates<\/h3>\n\n\n\n
Code signing certificates<\/a> are perfect for protecting downloadable software, drivers, and executables. Software developers and publishers use them. These certificates are available in organizational (OV) or individual validation (IV) format, as well as extended validation and help software developers avoid the security warnings.<\/p>\n\n\n\n
Document Signing Certificates<\/h3>\n\n\n\n
Document signing certificates<\/a> are useful for securing documents shared over the internet by inserting digital signatures and using hashing functionality.<\/p>\n\n\n\n
We\u2019ll talk more later about each of these types of\ncertificates and their individual uses. In the meantime, let\u2019s understand where\nPKI certificate keys come into play. <\/p>\n\n\n\n
What Is Public Key Infrastructure?<\/h3>\n\n\n\n
Public key infrastructure<\/a> is the set of technologies, policies, frameworks, procedures, that encompasses and supports public key encryption and authentication. PKI was developed<\/a> by a British intelligence agency named Government Communications Headquarters (GCHQ) back in the 1960s. <\/p>\n\n\n\n
A PKI certificate involves the use of mathematically related key pairs, known as the public key and private key<\/strong>, which are generated and assigned to verify the identities of the endpoints. These keys are also used for encrypting and decrypting the data.<\/p>\n\n\n\n
To read more on PKI basics<\/a>, be sure to check out our related article o the topic.<\/p>\n\n\n\n
How to Get a PKI Certificate <\/h2>\n\n\n\n
Before deciding how to get a PKI certificate (whether you wish to purchase one from a CA, reseller, or web hosting provider), you should be aware of which PKI certificate you require for your platform. Here, we have listed the most common types of PKI certificates, how they are used, and where you can buy them:<\/p>\n\n\n\n
1. SSL\/TLS Certificates<\/h3>\n\n\n\n
SSL\/TLS certificates, which are\nalso known as HTTPS certificates (and are most frequently referred to when\ntalking about PKI certificates), are used by website owners to secure the\ncommunication between a website (server) and the client (browser). They facilitate\nidentity assurance and encryption using PKI technology. <\/p>\n\n\n\n
How Do SSL\/TLS Certificates Work?<\/h4>\n\n\n\n
- \n
- When you apply for an SSL certificate and complete the verification procedure<\/a>, the PKI certificate authority issues an SSL\/TLS certificate to the hostname (website\u2019s domain name or IP address), attaches the public key to it, and signs the certificate with its own root (or, more commonly, its intermediate root) certificate.\n
- \n
- When someone tries to open a website, the browser (client) verifies the PKI certificate authority\u2019s signature from its pre-installed root store.<\/li>\n\n\n\n
- The browser creates a session key and encrypts it using the public key of the website.<\/li>\n\n\n\n
- This encrypted session key reaches to the website\u2019s server. The server then decrypts it by using the website\u2019s private key.<\/li>\n\n\n\n
- Now, this session key is used for encrypting and decrypting data transmitted between browser and server for that entire session.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
How to Get a PKI SSL\/TLS Certificate: You can buy an authentic SSL\/TLS certificate from the top-notch PKI certificate authority Sectigo<\/a>. <\/p>\n\n\n\n
Please note that there are many types of SS\/TLS certificates available in the market. To understand which SSL\/TLS is best suitable for your website, please refer to our SSL\/TLS Types<\/a> page.<\/p>\n\n\n\n
2. Code Signing Certificates\/Software Signing Certificate<\/h3>\n\n\n\n
These PKI certificates are used to secure downloadable software such as device drivers, applications, executables, and scripts. A code signing certificate<\/a> is purchased and used by software developers\/publishers. <\/p>\n\n\n\n
How Do Code Signing Certificates Work?<\/h4>\n\n\n\n
- \n
- The CA will verify the identity of the applicant\nor the organization and before issuing a code signing certificate to any\nentity. <\/li>\n\n\n\n
- The CA attaches the public key to the code\nsigning certificate and signs the certificate. Its corresponding private key\nwill be safely stored with the software publisher.<\/li>\n\n\n\n
- After finishing a piece of software, the\nsoftware publisher will use their private key to insert a digital signature. No\none can copy, delete, or modify this digital signature. <\/li>\n\n\n\n
- Unlike an SSL certificate, the code signing\ncertificate doesn’t encrypt the code itself. Instead, it hashes the entire code\nalong with the digital signature. \n<\/li>\n\n\n\n
- When a user tries to download the software, their\nsystem checks the PKI certificate authority\u2019s signature. Then, it generates the\nhash value, which must match with the hash value received with the software. <\/li>\n\n\n\n
- The intact hash value shows that software is in\nthe same condition as it was last developed and signed by the software\ndeveloper. This communicates that it was not tampered with or altered while it\nis in transit. <\/li>\n<\/ul>\n\n\n\n
How to Get a PKI Code Signing Certificate: There are many PKI certificate authorities selling the code signing certificate. Among them, Sectigo sells the most affordable and reliable certificates. It is the only CA that sells code signing certificates for individual developers, too. You can check out the prices, features, types, and discounts on our product page<\/a>.<\/p>\n\n\n\n
3. Email Signing Certificate<\/h3>\n\n\n\n
An email signing certificate, also known as a secure email\ncertificate<\/a> or S\/MIME certificate, is used to secure communication between\ntwo email clients. By encrypting the email data before it ever leaves your\nemail client, it secures your data while it\u2019s in transit and at rest. This\nPKI certificate enhances email security by enabling you to digitally sign your\nemails and encrypt them. It ensures the integrity of the email content,\nprovides prevention from eavesdropping and gives assurance about the sender\u2019s\nidentity.<\/p>\n\n\n\n
How Do Email Signing Certificates Work?<\/h4>\n\n\n\n
- \n
- When you buy an email signing certificate, the\nCA will send an email titled “Please verify your application” with a\nunique set of instructions.<\/li>\n\n\n\n
- Once you complete the validation procedure, the\nCA will issue you an email signing certificate, which you need to install on\nyour email client. <\/li>\n\n\n\n
- Now, you can digitally sign all the outgoing\nemails using your private keys. The email signing certificate hashes the\ndigital signature and the rest of the email content and encrypts this hash\nvalue. <\/li>\n\n\n\n
- When the recipient receives the email, their\nemail client will generate another hash value. If an email or the digital\nsignature has tampered in the transit, the original email’s hash value will\nchange. And the recipient will get alert that the integrity of the email has\nbeen compromised in the transit. <\/li>\n\n\n\n
- To encrypt an email, you use you recipient\u2019s\npublic key and they use their corresponding private key to decrypt the message\nonce they receive it.<\/li>\n<\/ul>\n\n\n\n
How to Get a PKI\nEmail Singing Certificate: You can get one of the industry\u2019s leading email\nsigning certificates at a discounted rate from SectigoStore.com<\/a>.<\/p>\n\n\n\n
4. Document Signing Certificate<\/h3>\n\n\n\n
The document signing certificate is a way to protect\nthe documents which are sent over insecure internet. In a nutshell, these\ncertificates validate a file creator\u2019s identity as well as the integrity of the\nfile itself.<\/p>\n\n\n\n
How Do Document Signing Certificates Work?<\/h4>\n\n\n\n
- \n
- The PKI certificate authority follows a rigorous vetting process to verify the identity of the applicant (the person signing the document) and the organization itself. They make sure the person who is signing the document is the authorized representative of the company. <\/li>\n\n\n\n
- Once the verification procedure is done, the PKI CA mails a USB drive (a token) containing the document signing certificate and private key to your organization\u2019s physical address. <\/li>\n\n\n\n
- The user can attach their digital signature on the document using this private key. <\/li>\n\n\n\n
- The document signing certificate hashes the entire document along with the digital signature and encrypts the hash value. <\/li>\n\n\n\n
- When the recipient receives the encrypted document, another hash value is generated, which must be the same as the one that came along the document.<\/li>\n\n\n\n
- The intact hash value is proof that the document is in the same condition as it was sent-without any tempering. <\/li>\n\n\n\n
- The digital signature is made of 2048-bit RSA Key, which is impossible to forge. If someone tampers with it, the hash value changes, indicating its compromise. Thus, the digital signature assures the identity of the document signer. <\/li>\n<\/ul>\n\n\n\n
The Role of a PKI Certificate Authority Regarding PKI Certificates<\/h2>\n\n\n\n
The organizations that are trusted to issue the PKI certificate are sometimes called PKI certificate authorities or PKI CAs<\/strong>. Most commonly, though, they\u2019re just called certificate authorities or CAs. <\/p>\n\n\n\n
One of the major pillars of the PKI certificate is identity\nassurance. When you try to access some services on a website, the website\nverifies your identity by asking your passwords, one-time pins (OTPs), security\nquestions, etc. But how can your browser (client) authenticate the website? In\nother words, how can you make sure that the website you\u2019re trying to\ncommunicate with is who it claims to be, and that your information isn\u2019t being\nredirected to any other website\u2019s server? <\/p>\n\n\n\n
This is where a PKI certificate authority comes into the picture.\n<\/p>\n\n\n\n
The PKI certificate authority<\/a> serves as a third-party mediator who is trusted by both parties in a transaction. They\u2019re responsible for issuing (and revoking) PKI digital certificates and managing the public keys and credentials that are used for data encryption. A PKI CA verifies the identity of the certificate owner, binds the public key with the PKI certificate, and puts a digital signature on the certificate using its private key.<\/p>\n\n\n\n
All the PKI certificate authorities must follow the certificate format defined by X.509<\/a> standards. They also need to strictly abide by the validation, issuance, and revocation rules specified by the Certificate Authority\/Browser Forum (CA\/B Forum<\/a>).<\/p>\n\n\n\n
The most recognized and widely used PKI certificate\nauthorities include:<\/p>\n\n\n\n
- \n
- Sectigo (formerly Comodo CA)<\/li>\n\n\n\n
- DigiCert <\/li>\n\n\n\n
- GoDaddy<\/li>\n\n\n\n
- Entrust<\/li>\n<\/ul>\n\n\n\n
Where Cryptographic Keys Fit into the Equation<\/h3>\n\n\n\n
Each website, email client, or software publisher’s server\nhas its own unique set of cryptographic public and private keys. The public key\nis available to everyone and is used to encrypt the data. The private key, on\nthe other hand, is confidential and must be stored by the PKI certificate owner\nsafely on their server. By keeping the private key a secret, any data that\u2019s encrypted\nusing the public key can be decrypted by the corresponding private key. <\/p>\n\n\n\n
These keys are made of using different types of algorithms, such as Rivest-Shamir-Adleman (RSA<\/a>) or Elliptic Curve Cryptography (ECC). The strength of these keys varies from 1024 bits to 4096 bits. <\/p>\n\n\n\n
These certificates are an integral part of PKI.<\/p>\n\n\n\n
A Final Word on PKI Certificates<\/h2>\n\n\n\n
People have some strange misconceptions about cybersecurity, such as that small companies or start-ups are safe online, that government agencies and big companies always take high precautions to save their data, etc. However, real cybercrime statistics<\/a> reveal a totally opposite scenario \u2014 one in which, no matter how big or small your organization is, it\u2019s at risk. <\/p>\n\n\n\n
Being cybersecurity vigilant is a need that continues to\ngrow as cybercriminals get smarter and more creative with their attacks. PKI\ntechnology is the revolution in the world electronic communication. You must\ninstall an appropriate PKI certificate on your system to protect you and your\nusers from various types of cyber-attacks such as man-in-the-middle attacks,\nemail spoofing, phishing\nattacks<\/a>, distributed denial of service (DDoS\nattacks<\/a>), session hijacking, etc. Otherwise, a single cyber-attack is\nenough for an organization to lose its hard-earned reputation and millions of\ndollars in potential lawsuits and noncompliance penalties. <\/p>\n","protected":false},"excerpt":{"rendered":"
PKI: Explore how these 4 popular PKI certificates secure your organization’s security posture in an insecure digital world To facilitate secure data transfer between two endpoints, public key infrastructure (PKI)…<\/p>\n","protected":false},"author":6,"featured_media":817,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[47,1],"tags":[54,53],"class_list":["post-813","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-security","category-web-security","tag-pki","tag-public-key-encryption","post-with-tags"],"yoast_head":"\n
PKI: What Is a PKI Certificate and How Do I Get One?<\/title>\n<meta name=\"description\" content=\"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PKI: What Is a PKI Certificate and How Do I Get One?\" \/>\n<meta property=\"og:description\" content=\"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/\" \/>\n<meta property=\"og:site_name\" content=\"InfoSec Insights\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-09T13:55:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-14T18:59:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Medha Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Medha Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\"},\"author\":{\"name\":\"Medha Mehta\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/41d095943b7798ade1bc3683c8822f15\"},\"headline\":\"What Is a PKI Certificate and How Do I Get One?\",\"datePublished\":\"2020-04-09T13:55:00+00:00\",\"dateModified\":\"2023-02-14T18:59:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\"},\"wordCount\":2284,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/bigstock-223372087.jpg\",\"keywords\":[\"pki\",\"public key encryption\"],\"articleSection\":[\"Email Security\",\"Web Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\",\"name\":\"PKI: What Is a PKI Certificate and How Do I Get One?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/bigstock-223372087.jpg\",\"datePublished\":\"2020-04-09T13:55:00+00:00\",\"dateModified\":\"2023-02-14T18:59:13+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/41d095943b7798ade1bc3683c8822f15\"},\"description\":\"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/bigstock-223372087.jpg\",\"contentUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/bigstock-223372087.jpg\",\"width\":1600,\"height\":1000,\"caption\":\"Graphic representing a variety of PKI certificate types\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-pki-certificate\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is a PKI Certificate and How Do I Get One?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\",\"name\":\"InfoSec Insights\",\"description\":\"SectigoStore.com Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/41d095943b7798ade1bc3683c8822f15\",\"name\":\"Medha Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g\",\"caption\":\"Medha Mehta\"},\"description\":\"Medha is a regular contributor to InfoSec Insights. She's a tech enthusiast and writes about technology, website security, cryptography, cyber security, and data protection.\",\"sameAs\":[\"https:\\\/\\\/sectigostore.com\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PKI: What Is a PKI Certificate and How Do I Get One?","description":"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/","og_locale":"en_US","og_type":"article","og_title":"PKI: What Is a PKI Certificate and How Do I Get One?","og_description":"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.","og_url":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/","og_site_name":"InfoSec Insights","article_published_time":"2020-04-09T13:55:00+00:00","article_modified_time":"2023-02-14T18:59:13+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","type":"image\/jpeg"}],"author":"Medha Mehta","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Medha Mehta","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#article","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/"},"author":{"name":"Medha Mehta","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/41d095943b7798ade1bc3683c8822f15"},"headline":"What Is a PKI Certificate and How Do I Get One?","datePublished":"2020-04-09T13:55:00+00:00","dateModified":"2023-02-14T18:59:13+00:00","mainEntityOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/"},"wordCount":2284,"commentCount":0,"image":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","keywords":["pki","public key encryption"],"articleSection":["Email Security","Web Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/","url":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/","name":"PKI: What Is a PKI Certificate and How Do I Get One?","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#primaryimage"},"image":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","datePublished":"2020-04-09T13:55:00+00:00","dateModified":"2023-02-14T18:59:13+00:00","author":{"@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/41d095943b7798ade1bc3683c8822f15"},"description":"A PKI certificate is a digital certificate that uses public key encryption technology to secure the interactions that occur in our insecure digital world.","breadcrumb":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#primaryimage","url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","contentUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/bigstock-223372087.jpg","width":1600,"height":1000,"caption":"Graphic representing a variety of PKI certificate types"},{"@type":"BreadcrumbList","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sectigostore.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What Is a PKI Certificate and How Do I Get One?"}]},{"@type":"WebSite","@id":"https:\/\/sectigostore.com\/blog\/#website","url":"https:\/\/sectigostore.com\/blog\/","name":"InfoSec Insights","description":"SectigoStore.com Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sectigostore.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/41d095943b7798ade1bc3683c8822f15","name":"Medha Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a1e5b5025e87d4e1acfd683fbede8c366e652e9ddb2164b7a0d0a77e2d9da727?s=96&d=mm&r=g","caption":"Medha Mehta"},"description":"Medha is a regular contributor to InfoSec Insights. She's a tech enthusiast and writes about technology, website security, cryptography, cyber security, and data protection.","sameAs":["https:\/\/sectigostore.com\/"]}]}},"_links":{"self":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/comments?post=813"}],"version-history":[{"count":0,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/813\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media\/817"}],"wp:attachment":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media?parent=813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/categories?post=813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/tags?post=813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- functionality (what they cover or secure) \u2014 single domains, multi domains<\/a>, single-level subdomains<\/a> (wildcards), and multiple sites and subdomains<\/a> (multi domain wildcards).<\/li>\n<\/ul>\n\n\n\n
- validation \u2014 domain validation (DV)<\/a>, organization validation (OV)<\/a>, and extended validation (EV)<\/a><\/li>\n\n\n\n