Digital Certificates

A digital certificate (also known as a public key certificate) is a digitally signed document used to validate the identity of the sender in communication between a client and a server.

Digital certificates are an essential component in TLS-secured communication.

They carry the owner's public key, which is used to encrypt and decrypt data, and they attest the identity of the certificate owner (typically the TLS server, such as a web site or a Uniface Router).

One algorithm is used to sign the certificate: a secret (private) key processes the message (or a hash of the message, or both) to produce the signature. A matching verification algorithm then uses the corresponding public key together with the message to check that the signature is valid.

In Uniface, certificates may be required when:

  • Using the TLS connector to secure communication between Uniface Routers, Uniface Servers, and client applications. For more information, see TLS Connector.
  • Calling in or out to web services via HTTPS. For more information, see HTTPS Verification for Web Services.
  • Building and deploying mobile apps for iOS and Android. For more information, see Developing Mobile Apps.
  • Connecting to SMTP and POP servers using the UPOPMAIL component API. For more information, see SMTP and POP3 Email.

Certificate Content

Each certificate consists of a certificate file and a key file that are signed by a Certificate Authority (CA). The certificate can include the following information for use in verification:

  • Common Name (CN) of the certificate holder (usually in the form Host.Domain); for example, sales.mycompany.com or *.mycompany.com.
  • Subject Alternative Names (SANs), which are optional variations of the common name. These can be of different types, such as DNS names, email addresses, URIs, and so on. During verification, these may be checked in addition to, or instead of, the Common Name.
  • Other certificate information, such as a serial number, expiry dates, and organization information.
  • Certificate holder's public key (used for encrypting messages and digital signatures). For more information, see Supported Cryptography Algorithms.
  • Digital signature of a certification authority, which is used to verify that the certificate is real.

When the connection between a client and server is first established, either or both can verify the identity of the other by means of the peer's digital certificate. For more information, see Certificate Verification.
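The following is an added example, not Uniface code, showing the two checks a verifying peer applies to the certificate content listed above: name matching against the DNS SANs (falling back to the Common Name only when no DNS SAN is present, as RFC 6125 prescribes, with *.mycompany.com-style wildcards covering exactly one label) and the validity period. The certificate is a constructed sample in the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns; the CA signature check is deliberately left out because it needs the issuing CA's public key.

```python
import ssl
import time

# Constructed sample in the dict shape that ssl.SSLSocket.getpeercert() returns;
# the values are illustrative and not taken from a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "sales.mycompany.com"),),),
    "subjectAltName": (
        ("DNS", "sales.mycompany.com"),
        ("DNS", "*.mycompany.com"),
        ("email", "ops@mycompany.com"),
    ),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def dns_name_matches(pattern, hostname):
    """Case-insensitive DNS name match. A wildcard must be the whole leftmost label and
    covers one label: *.mycompany.com matches www.mycompany.com, not a.b.mycompany.com."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in hostname:
        return False
    return p_labels[1:] == h_labels[1:]

def hostname_matches_cert(cert, hostname):
    """DNS SANs take precedence; the CN is consulted only when there is no DNS SAN."""
    dns_sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if dns_sans:
        return any(dns_name_matches(p, hostname) for p in dns_sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(dns_name_matches(cn, hostname) for cn in cns)

def cert_is_valid_at(cert, now=None):
    """Validity-period check; ssl.cert_time_to_seconds parses getpeercert() dates."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"]))

def verify_peer(cert, hostname, now=None):
    """List of failures (empty means name and date checks passed). The CA signature
    is not checked here: that requires the issuing CA's public key."""
    problems = []
    if not cert_is_valid_at(cert, now):
        problems.append("certificate is outside its validity period")
    if not hostname_matches_cert(cert, hostname):
        problems.append("hostname %r matches neither a DNS SAN nor the CN" % hostname)
    return problems
```

With a live connection, `verify_peer(sock.getpeercert(), hostname)` applies the same checks to the dictionary the TLS socket hands back.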