About digital certificates

When you communicate with a secure site, the information exchanged with the site is encrypted. This protects your login information, credit card numbers, addresses, and other secure data.

Certificates may be part of your digital identity and are stored on your PC or MAC. Within MAC OS X Keychain Access lets you manage your certificates and keychains.

When you go to a secure website, your browser checks the site's certificate and compares it with certificates that are known to be legitimate. If the website certificate is not recognized, or if the site doesn't have one, you receive a message.

The validity of a certificate is verified electronically using the public key infrastructure, or PKI. Certificates consist of your public key, the identity of the organization, the certificate authority (CA) that signed your certificate, along with other data that may be associated with your identity.

A certificate is usually restricted for particular uses, such as digital signatures, encryption, use with web servers, and so on. This is called the "key use" restriction. While it's possible to create one certificate for multiple uses, it's unusual to make one for all possible uses. Creating a certificate for multiple uses is also less secure.

A certificate is valid only for a limited time; it then becomes invalid and must be replaced with a newer version. The certificate authority can also revoke a certificate before it expires.

If you need to send a certificate to someone, you can export it, and then send it through email or by other means. Likewise, if someone sends you a certificate, you can add it to your browser or Keychain Access on a MAC.