This page is obsolete and should be updated

In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.

In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users (“endorsements”). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.

Classicaly they are different class of certificate:

  1. Class 1 for individuals, intended for email;
  2. Class 2 for organizations, for which proof of identity is required;
  3. Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority (CA).


Certificates are useful for large-scale public-key cryptography. Securely exchanging secret keys amongst users becomes impractical to the point of effective impossibility for anything other than quite small networks. Public key cryptography provides a way to avoid this problem.

A certificate typically includes:

  • The public key being signed.
  • A name, which can refer to a person, a computer or an organization.
  • A validity period.
  • The location (URL) of a revocation center.
  • The digital signature of the certificate, produced by the CA’s private key