A certificate is a set of data that identifies an entity and binds that identity to the entity's public cryptographic key. It is issued by a Certificate Authority (CA) only after the CA has verified the entity's identity, and the CA signs the certificate with its own private key so that any later alteration of the certificate can be detected. When the sender of a message signs the message with its private key, the recipient can use the sender's public key (taken from the certificate, which is either sent with the message or retrieved from a directory service) to verify that the message was signed by the holder of the certified key and has not been altered since. That check is only meaningful if the recipient first confirms that the certificate itself was issued by a CA it trusts; a signature that verifies under a key taken from an unvalidated certificate says nothing about who the sender is.
Digital certificates are virtual documents that authenticate individuals and entities on a network. Using a certificate on a network is more complex than using a physical document because the communicating parties will most likely never meet in person, so a method or protocol is needed to establish a high level of trust without physical verification. In addition, on an insecure network it is easy to intercept messages and present a fictitious identity. Security protocols built on the cryptographic techniques described in earlier topics address this: because the CA's signature covers the entire certificate, a forged or altered certificate fails verification unless the forger holds the CA's private key, which makes it very difficult, if not impossible, to present a false identity with a falsified certificate.
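The exchange described above (a CA issues a certificate, the sender signs with its private key, the recipient validates the certificate and then checks the signature with the certified public key), together with the two failure modes the second paragraph is concerned with (an altered message and a falsified certificate), as an added example that is not part of the original page and not code from any product it documents. It uses only the Go standard library. ECDSA P-256, the names "Example Root CA" and "alice", and the message text are assumptions chosen for the example:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // P-256 is an assumption; the text names no algorithm
	must(err)
	return k
}

// issueCert binds subject to key's public key. parent == nil gives a self-signed
// root CA; otherwise the CA's parentKey signs it, which is the "issued by a CA"
// step in the text and what makes later alteration of the certificate detectable.
func issueCert(subject string, serial int64, isCA bool, key *ecdsa.PrivateKey,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
		BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert
}

// Sender's step: hash the message and sign the digest with the private key.
func signMessage(key *ecdsa.PrivateKey, msg []byte) []byte {
	digest := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	must(err)
	return sig
}

// Recipient's step. Order matters: validate the certificate against CAs the
// recipient already trusts first; only then use its public key on the signature.
func verifyMessage(certDER []byte, trusted *x509.CertPool, msg, sig []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: trusted}); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if digest := sha256.Sum256(msg); !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("signature does not verify under the certified key")
	}
	return nil
}

// scenario runs the exchange end to end and returns what the recipient sees for
// an honest message, a message altered in transit, and an impostor whose "alice"
// certificate was issued by a look-alike CA the recipient does not trust.
func scenario() (honest, tampered, impostor error) {
	caKey, aliceKey := genKey(), genKey()
	caCert := issueCert("Example Root CA", 1, true, caKey, nil, nil)
	trusted := x509.NewCertPool()
	trusted.AddCert(caCert)
	aliceCert := issueCert("alice", 2, false, aliceKey, caCert, caKey)
	msg := []byte("pay bob 100") // constructed sample message
	sig := signMessage(aliceKey, msg)
	honest = verifyMessage(aliceCert.Raw, trusted, msg, sig)
	tampered = verifyMessage(aliceCert.Raw, trusted, []byte("pay bob 900"), sig)
	// Same names, different CA key: the signature is valid under this
	// certificate's key, but chain validation rejects the certificate.
	badCAKey, malKey := genKey(), genKey()
	badCA := issueCert("Example Root CA", 1, true, badCAKey, nil, nil)
	malCert := issueCert("alice", 2, false, malKey, badCA, badCAKey)
	impostor = verifyMessage(malCert.Raw, trusted, msg, signMessage(malKey, msg))
	return
}

func main() {
	fmt.Println(scenario())
}
```

The impostor case is the one worth studying: the forged certificate carries a valid signature from its own CA and the message signature verifies under the key inside it, so a recipient that skipped cert.Verify and went straight to ecdsa.VerifyASN1 would accept the message as coming from "alice". Only the check against the recipient's own trusted CA pool rejects it.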