Release 10.1A: OpenEdge Getting Started:
Core Business Services
Digital certificates
The most widely accepted digital certificate is the X.509 public-key certificate, and it is issued by CAs in two major forms:
- A server digital certificate issued to the holder of a private key that authorizes the identity established by the private key for the holder.
- A root CA digital certificate issued to clients of a server that they use to authenticate the identity of the server when communications between the client and server begin. This authentication occurs by validating the root CA digital certificate against the server digital certificate.
Note: A CA digital certificate is a digital certificate used to assert and validate the identity of the CA to anyone who is validating a digital certificate that this CA has issued (such as a server digital certificate). A root CA digital certificate is a CA certificate that is at the top of the validation chain in the hierarchy of CAs. So, if the validation process does not trust the root certificate, there is no higher authentication authority to go to and the validation operation must fail.
A digital certificate has a number of properties, and one of the most important for a PKI is its specified lifetime, the period during which the digital certificate is valid. When a digital certificate’s lifetime has expired, it can no longer be used to assert or authenticate a server’s identity.
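The two failure cases described above (a root CA certificate the validator does not trust, and a server certificate whose lifetime has expired) can be reproduced with a throwaway PKI. This is an added example, not part of the OpenEdge documentation or tooling; it assumes the `openssl` command-line tool is installed, and every file name, subject name and lifetime in it is constructed for illustration.

```shell
#!/bin/sh
# Constructed demo PKI: every name, subject and lifetime below is made up.
DEMO=$(mktemp -d)

# Create a self-signed root CA certificate: $1 = file prefix, $2 = subject CN.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$DEMO/$1.key" -out "$DEMO/$1.pem" 2>/dev/null
}

# Issue a server certificate signed by root $1 for subject $2, valid $3 days.
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$DEMO/server.key" -out "$DEMO/server.csr" 2>/dev/null
    openssl x509 -req -in "$DEMO/server.csr" -days "$3" \
        -CA "$DEMO/$1.pem" -CAkey "$DEMO/$1.key" -CAcreateserial \
        -out "$DEMO/server.pem" 2>/dev/null
}

# Validate the server certificate with root $1 as the only trusted CA.
# Optional $2 = Unix time at which the validity period is evaluated.
# Returns 0 when the chain validates, non-zero otherwise.
validate() {
    if [ -n "$2" ]; then
        openssl verify -attime "$2" -CAfile "$DEMO/$1.pem" \
            "$DEMO/server.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$DEMO/$1.pem" "$DEMO/server.pem" >/dev/null 2>&1
    fi
}

make_root trusted "Example Root CA"
make_root other "Unrelated Root CA"
make_server trusted "server.example.test" 1   # one-day lifetime

validate trusted && echo "issuing root trusted, inside lifetime: valid"
validate other || echo "issuing root not trusted: validation fails"
LATER=$(( $(date +%s) + 3 * 86400 ))          # three days from now
validate trusted "$LATER" || echo "lifetime expired: validation fails"
openssl x509 -in "$DEMO/server.pem" -noout -subject -issuer -dates
```

The last command prints the `notBefore` and `notAfter` dates that define the certificate's lifetime.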
Copyright © 2005 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095