Digital certificate development
What are digital certificates?
Just as an authority accepted by everyone (the police) issues physical documents, such as identity cards or passports, that leave a third party in no doubt that we are who we say we are, there are organizations that create (issue) small pieces of software which ensure that the owner, in effect whoever installs them, has a certain identity.
In fact, because they are software rather than laminated physical documents, digital certificates can guarantee the identity not only of people, but also of:
Servers | Websites | Software | Public Officers | Devices
In this way, when we visit a website, for example, its digital certificate lets our browser show us that yes, this is the site we were looking for and not a forgery.
The Certification Authorities (CA)
These are organizations trusted to issue the software (the certificates) that will identify us. For example, some of those in Spain are:
- National Mint (FNMT)
- Catalan Agency for Certification (CATCert)
- Certification Authority of the Valencian Community (ACCV)
These agencies will collect certain information from us, or ask us to come to their offices and show documents certifying our identity. Finally, they will send us the certificate which, once installed on our computer, will make our browsers present the certificate information when we access any site that requests it.
The Public Administration (Government)
“This Law recognizes the right of citizens to interact with the Public Administrations by electronic means” Law 11/2007. Article 1.1
So every public institution, council company or official body is obliged to offer different ways of interacting, in person or electronically, to anyone who wishes, without their having to leave home. Among other considerations that are not relevant here, a key one is the imperative need to confirm the identity of whoever is using a smartphone, tablet or PC to carry out a procedure.
Just as the public administration wants to know who is interacting with it telematically, citizens have the right to be sure that when they access a site, for example https://www.agenciatributaria.es/, it really is that site. This function is performed by a digital server certificate.
When our organization goes to a server certificate issuer to obtain one, we must first generate a CSR (Certificate Signing Request). Then, after processing it, the Certification Authority (Comodo, Symantec, etc.) will generate an SSL certificate that we can install on the server we want to secure.
Subsequently, once it is properly configured, any browser accessing our website will be able to establish secure SSL communication. The URL will show that the communication protocol is not http:// but https://; the “s” indicates the secure protocol.
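The CSR step described above, shown with the OpenSSL command line as an added example (not code from the original page or from Flash Data). The host name www.example.org, the subject fields and the function names make_csr and check_csr are assumptions.

```bash
# Added example. www.example.org and the subject fields are placeholders.
# Usage: make_csr www.example.org ./csr && \
#        check_csr ./csr/www.example.org.csr ./csr/www.example.org.key

make_csr() {    # $1 = host name to certify, $2 = output directory
    host=$1; dir=$2
    mkdir -p "$dir" || return 1
    # The private key stays on the server: create it readable by its owner only.
    ( umask 077
      openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null ) || return 1
    # Browsers match the host name against subjectAltName, so request it there
    # as well as in the CN.
    cat > "$dir/$host.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
C = ES
O = Example Organization
CN = $host
[ext]
subjectAltName = DNS:$host
EOF
    openssl req -new -sha256 -key "$dir/$host.key" \
        -config "$dir/$host.cnf" -out "$dir/$host.csr"
}

check_csr() {   # $1 = CSR file, $2 = private key file
    # 1) The CSR is signed with our own key; that self-signature must verify.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    # 2) The public key inside the CSR must be the one derived from our
    #    private key, otherwise the issued certificate will not match it.
    csr_pub=$(openssl req -in "$1" -noout -pubkey | openssl dgst -sha256)
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null | openssl dgst -sha256)
    [ "$csr_pub" = "$key_pub" ]
}
```

Only the .csr file is sent to the Certification Authority; the .key file stays on the server and is later paired with the certificate the CA returns.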
They are those that, properly enabled, guarantee that the software made by our organization is safe, is not corrupted, and can be downloaded and installed with our support.
These acronyms correspond to: Online Certificate Status Protocol. This service is responsible for ensuring that a certificate is still valid, has not expired and can therefore continue to be relied upon. CA organizations (i.e. the primary certificate issuer or root authority) manage a database of the serial numbers of all certificates they have issued.
Thus, they can know whether certificates remain valid or not, depending on their expiration date or other considerations. Hence, when a piece of software communicates through the OCSP protocol with the databases that hold this information, it can find out whether a given certificate is valid or not.
And make everything work…
These and related technologies are being used by Flash Data in developments for our customers, mainly institutional ones, who have needed to fulfill the legal requirements on their websites and in many of their back-office processes. One example is the electronic headquarters of the Housing Institute of the Barcelona City Council (https://portal.imhab.cat).