Creating a personal digital certificate

In this expert Q&A, identity management and access control pro Joel Dubin discusses the pros and cons associated with creating a personal digital certificate.

I want to create a personal digital certificate for a company, instead of requesting it from a certificate authority. Is this advisable, and what steps should I follow?

The only reason to create a personal digital certificate for a company is to acquire internal access. Otherwise, it won't be recognized by outsiders, unless it's registered with a certificate authority (CA), which could be a problem. For example, your Web site might depend on SSL, which requires publicly available digital certificates.

Without the CA seal of approval, you'd have to distribute the digital certificate on your own. Since most browsers have a built-in list of publicly known CAs, your personal digital certificate won't be recognized on the Web.

CAs are approved by the registration authority (RA), a trusted third party that issues and verifies digital certificates. Remember, a digital certificate is like a driver's license. It's universally recognized because it's issued by a reliable source, like how a license is issued by a department of motor vehicles.

That doesn't mean you shouldn't issue your own certificate. If you're in a large organization and want to use it internally, it might make sense. Internally generated digital certificates can be used to verify network access for employees in distant departments. The digital certificate can provide additional authentication for access to files or systems from someone in a faraway department.

Issuing digital certificates on your own can be done through a public key infrastructure (PKI). PKI is a dedicated system, or cluster of servers, that handles the creation of public keys associated with digital certificates. The PKI system creates, maintains and revokes certificates as needed.

PKI systems can be complicated and costly, but if your organization is large enough and the demand is there, it's worth it.
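The steps described above (an internal CA issues a certificate, and only parties that have been given the CA certificate accept it), shown with the OpenSSL command line as an added example that is not part of the original answer. "Example Corp" and "alice" are constructed names, and the unencrypted keys (`-nodes`) are an assumption made so the script runs unattended; a real CA key would be passphrase- or hardware-protected.

```shell
#!/usr/bin/env bash
# Added example: private CA -> employee certificate -> trust check.
# "Example Corp" and "alice" are constructed names, not from the article.

# Create a throwaway internal CA and one employee certificate in directory $1.
# The body runs in a subshell so cd and umask do not leak into the caller.
make_internal_pki() (
  cd "$1" && umask 077 &&   # private keys readable by their owner only
  cat > ca.cnf <<'EOF' &&
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Corp
CN = Example Corp Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. Self-signed root: the company's own trust anchor.
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -sha256 -days 365 \
    -keyout ca.key -out ca.crt 2>/dev/null &&
  # 2. Employee key pair and certificate signing request.
  openssl req -new -config ca.cnf -subj "/O=Example Corp/CN=alice" \
    -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr 2>/dev/null &&
  # 3. The internal CA signs the request.
  openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -sha256 -days 90 -out alice.crt 2>/dev/null
)

# Relying party that has been given the internal CA certificate.
verify_with_internal_ca() {
  openssl verify -CAfile "$1/ca.crt" "$1/alice.crt" >/dev/null 2>&1
}

# Relying party with only the platform's default (public CA) trust store.
verify_with_default_store() {
  openssl verify "$1/alice.crt" >/dev/null 2>&1
}

# Demo run in a scratch directory.
dir=$(mktemp -d) && make_internal_pki "$dir" || exit 1
verify_with_internal_ca "$dir"   && echo "internal trust anchor: accepted"
verify_with_default_store "$dir" || echo "default public CA store: rejected"
rm -rf "$dir"
```

The second check fails because the issuing CA is absent from the default store, which is the same reason a browser would not recognize the certificate until `ca.crt` is distributed to it.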

This was last published in June 2007