Certificates and Authentication

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Authentication

Authentication is crucial to secure communication. Users must be able to prove their identity to those with whom they communicate and must be able to verify the identity of others. Authentication of identity on a network is complex because the communicating parties do not physically meet as they communicate. This can allow an unethical person to intercept messages or to impersonate another person or entity.

The digital certificate is a common credential that provides a means to verify identity. Certificates use cryptographic techniques to compensate for the lack of physical contact between the communicating parties. Using these techniques limits the possibility of an unethical person intercepting, altering, or counterfeiting messages. The same techniques make certificates difficult to modify, so it is difficult for an entity to impersonate someone else.

The data in a certificate includes the public cryptographic key from the certificate subject's public and private key pair. A message signed with its sender's private key can be verified as authentic by the recipient using the sender's public key, which the recipient obtains from a copy of the sender's certificate. Verifying a signature with the public key from a certificate proves that the signature was produced using the certificate subject's private key. If the sender has been vigilant and has kept the private key secret, the recipient can be confident in the identity of the message sender.
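The sign-with-private-key, verify-with-certificate flow described above, as an added example that is not part of the original page. It uses the pyca/cryptography library; the subject names, key pair, self-signed certificate and message are constructed here for illustration, and the verifier shows that a tampered message or a signature from a different key does not verify against the subject's certificate.

```python
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def make_subject(common_name: str):
    """Constructed certificate subject: a fresh key pair plus a self-signed
    certificate that carries the public half (sample data, not from the page)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.now(timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    return key, cert.public_bytes(serialization.Encoding.PEM)


def sign_message(private_key, message: bytes) -> bytes:
    """The sender signs the message with its private key."""
    return private_key.sign(message, padding.PKCS1v15(), hashes.SHA256())


def verify_with_certificate(cert_pem: bytes, message: bytes, signature: bytes) -> bool:
    """The recipient extracts the public key from the sender's certificate and
    checks the signature; a bad signature yields False instead of an exception."""
    public_key = x509.load_pem_x509_certificate(cert_pem).public_key()
    try:
        public_key.verify(signature, message, padding.PKCS1v15(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


if __name__ == "__main__":
    alice_key, alice_cert = make_subject("alice.example")  # constructed subject
    msg = b"transfer approved"  # constructed message
    sig = sign_message(alice_key, msg)
    print("genuine:", verify_with_certificate(alice_cert, msg, sig))
    print("tampered:", verify_with_certificate(alice_cert, msg + b"!", sig))
```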

A few of the ways certificates are used to provide authentication are:

  • Authentication of a user to a secure Web site via the Transport Layer Security (TLS) or the Secure Sockets Layer (SSL) protocol.

  • Authentication of a server to a user via TLS.

  • Logging on to a Windows Server 2003 domain.

For more information about authentication and certificates, see Certificates Resources.