Certificate Authorities

A Certificate Authority (CA) issues digital certificates that contain a public key and the identity of the owner. You can purchase signed certificates from a trusted third-party CA, or you can act as your own certificate authority.

The certificate confirms that the public key in the certificate belongs to the person, organization, server, or other entity specified in the certificate. The matching private key is not made publicly available; it is kept secret by the user who generated the key pair.

Operating systems and browsers maintain lists of trusted root certificates so they can easily verify certificates that the certificate authorities have issued and signed.

If your connections go over the internet and are used by external parties, the best way to secure your connection is to purchase a signed certificate from an independent certificate authority. You can purchase certificates from trusted third-party CAs, such as Symantec, Verizon, Let's Encrypt, CAcert, and many other organizations, both commercial and non-profit.

The trusted CA certificate may be delivered as a separate file, or it may already reside on your system in a trust store with other certificates. There can be more than one certificate if there is a chain of trust.

When a digital certificate is deployed internally (as is often the case with Uniface applications), you can act as your own certificate authority or create self-signed certificates. A self-signed certificate is both the certificate and the trusted CA certificate. For more information, see Acting as a Certificate Authority and Create a Self-Signed Certificate.
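The difference between a CA-signed and a self-signed certificate can be checked with the OpenSSL command line. The following is an added example, not part of the Uniface documentation or tooling; it assumes `openssl` is installed, and all names (Example Internal CA, app.internal.example, other.internal.example) are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. All certificate names below are constructed placeholders.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate: the key pair signs its own certificate.
# $1 = file prefix, $2 = common name
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# CA-signed certificate: a signing request for a new key is signed with the CA key.
# $1 = file prefix, $2 = common name, $3 = file prefix of the signing CA
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 30 \
    -CA "$WORK/$3.crt" -CAkey "$WORK/$3.key" -CAcreateserial \
    -out "$WORK/$1.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the trusted certificate in $1.
chains_to() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

# Succeeds if the subject and issuer names of certificate $1 are identical.
issuer_is_subject() {
  s=$(openssl x509 -in "$WORK/$1.crt" -noout -subject)
  i=$(openssl x509 -in "$WORK/$1.crt" -noout -issuer)
  [ "${s#*=}" = "${i#*=}" ]
}

make_self_signed ca "Example Internal CA"        # acting as your own CA
issue_cert server "app.internal.example" ca      # certificate issued by that CA
make_self_signed other "other.internal.example"  # stand-alone self-signed cert

chains_to ca server      && echo "server: trusted via the internal CA certificate"
chains_to other server   || echo "server: rejected when the CA is not in the trust store"
chains_to other other    && echo "other: self-signed, acts as its own trusted CA certificate"
issuer_is_subject server || echo "server: issuer differs from subject (CA-signed)"
```

Clients accept the server certificate only when the internal CA certificate is in their trust store, which is why that certificate has to be distributed to every client when you act as your own CA.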