Using certificates for privacy and security

You can use certificates to protect your personally identifiable information on the Internet, and to protect your computer from unsafe software. A certificate is a statement verifying the identity of a person or the security of a Web site.

Internet Explorer uses two different types of certificates:

A "personal certificate" is a verification that you are who you say you are. This information is used when you send personal information over the Internet to a Web site that requires a certificate verifying your identity. You can control the use of your own identity by having a private key that only you know on your own computer. When used with e-mail programs, security certificates with private keys are also known as "digital IDs."
A "Web site certificate" states that a specific Web site is secure and genuine. It ensures that no other Web site can assume the identity of the original secure site. When you are sending personal information over the Internet, it is a good idea to check the certificate of the Web site you are using to ensure that it will protect your personally identifiable information. When you are downloading software from a Web site, you can use certificates to verify that the software is coming from a known, reliable source.

How do security certificates work?

A security certificate, whether it is a personal certificate or a Web site certificate, associates an identity with a "public key." Only the owner of the certificate knows the corresponding "private key." The "private key" allows the owner to make a "digital signature" or decrypt information encrypted with the corresponding "public key." When you send your certificate to other people, you are actually giving them your public key, so they can send you encrypted information that only you can decrypt and read with your private key.

The digital signature component of a security certificate is your electronic identity card. The digital signature tells the recipient that the information actually came from you and has not been forged or tampered with.

Before you can start sending encrypted or digitally signed information, you must obtain a certificate and set up Internet Explorer to use it. When you visit a secure Web site (one whose address starts with "https"), the site automatically sends you its certificate.

Where do you get your own security certificates?

Security certificates are issued by independent certification authorities. There are different classes of security certificates, each one providing a different level of credibility. You can obtain your personal security certificate from certification authorities.