Digitalni potpis – opšte

FAQ vezan za digitalne sertifikate :
What is a digital certificate?
In cryptography, a digital certificate is an electronic document that uses a digital signature to bind together a public key with an identity – this information can be a person’s name or the name of an organization, etc. The certificate is used to confirm that a public key belongs to a specific individual.

What does X509 refer to as it relates to digital certificates?
X509 is the industry standard for digital certificate format. It defined the various mandatory and optional attributes that can be defined within the certificate.

Why does a digital signature certificate have a limited validity period?
Digital signature certificates have an explicit start date and an explicit expiration date. Most applications check the validity period of a certificate when the digital certificate is used.
The signature certificate expiration date is also used for managing the certificate revocation list (CRL – see below). A certificate is removed from the revocation list when its natural expiration date arrives. As such, generally the shorter the certificate validity period, the shorter the CRL.

What is a digital signatures certificate revocation list?
Certificate Revocation List (CRL) is a method used in a public key infrastructure for maintaining access to servers in a network. A CRL is a list of digital signature users and their corresponding digital certificate status. A CRL specifies digital certificates that have been revoked in addition to the reason for the revocation.

What is an Online Certificate Status Protocol (OCSP) used for?
The Online Certificate Status Protocol (OCSP) is an Internet procedure used to acquire the revocation status of an X509 digital certificate. OCSP is an alternative to Certificate Revocation Lists (CRLs).

Is it safe to send my digital certificate via email?
Yes. A digital certificate only contains the public information of the user such as ID, name, and public key. The personal component of the user’s signature credentials, the private key, is not included in the certificate.

How can I apply for my personal digital certificate?
Digital certificates are issued by Certification Authorities (CAs). A CA can be a corporate CA for issuing digital certificates to the corporate employees, or it can be a commercial CA from which certificates can be purchased (e.g. Comodo, VeriSign, etc.). A CA is also incorporated within the CoSign Central box and is used for automatically issuing certificates to all corporate users.

What is a root certificate, and why do I need one?
A root certificate is one of two things: Either an unsigned public key certificate or a self-signed certificate used to identify the Root Certificate Authority (CA). The root certificate is in fact the anchor of trust in a digital certificate and is used for validating the entire certification tree.

What is worldwide verifiable certificate?
A worldwide verifiable certificate is a digital certificate whose root certificate is installed in standard Windows operating-systems, thus not requiring the explicit download and installation of the root certificate for digital signature validation.

What is a CDS certificate?
A CDS certificate is a digital certificate that is pre-installed in Adobe products and can be used for validating signatures in PDF documents. With CDS certificates, the user does not need to install the certificate (because it is already recognized by Adobe since it is CDS compliant), and the certificate does not require any special settings in Adobe.

What is the difference between a CoSign digital certificate and a third-party certificate?
CoSign-issued certificates and third-party certificates are both in standard X509 format.
CoSign digital signature certificates are automatically generated and managed for all valid CoSign users and are part of the standard CoSign digital signature solution suite. Third-party certificates need to be purchased from an external CA and typically have to be managed by the certificate owner.

What is the difference between a digital certificate and a digital ID?
A digital certificate is the digital identity of the certificate owner.

Neke bitne ekstenzije :
PFX – personal information exchange, sadrži i private i public ključeve
PVK – private key file
CER/SPC – certificate/software publishing credentials – javni ključ

Struktura X509 sertifikata : link

Zgodan link : link