Securing Tomcat with SSL

Before web site users give that all-important credit card number over the Internet, they have to trust your site. One of the main ways to enable that—apart from being a big name—is by using a digital server certificate. This certificate is used as a software basis to begin the process of encrypting web traffic so that credit card numbers being sent from a consumer in California to a supplier in Suburbia cannot be intercepted—either read or modified—while in transit by a hacker in Clayton. Encryption happens in both directions, so the sales receipt listing the credit card number goes back encrypted as well.

The digital server certificate is issued by one of a small handful of companies worldwide (each company is a known certification authority, abbreviated CA). These companies verify that the person to whom they are issuing the digital server certificate really is who he claims to be, rather than, say, Dr. Evil. These companies then sign your server certificate using their own certificate. Theirs has been, in turn, signed by another, and so on. This series of certificates is known as a certificate chain. At the end of the chain, there is one master certificate, kept in a very secure location. The certificate chain is designed based on the "chain of trust" concept; for the process to work, everybody along the chain has to be trustworthy. Additionally, the technology has to be able to distinguish between the real holder of a real certificate, a false holder ...
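The chain walk described above, as an added illustration (not code from the book, and not how Tomcat itself is configured; Tomcat reads its certificates from a Java keystore). It uses the Python `cryptography` package to mint a throwaway root CA, an intermediate CA and a server certificate, then verifies the chain the way a browser does: each certificate's signature is checked against the public key of the certificate above it, issuer names must line up, only CA certificates may issue, and the walk succeeds only if it ends at a root the client already trusts. All names ("Example Root CA", "shop.example.test", "Dr. Evil Root CA") are invented and every key is generated fresh per run.

```python
"""Build a certificate chain (root CA -> intermediate CA -> server) and
validate it against a trust store.  Illustration only: invented names,
ephemeral keys, no real CA involved."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def new_key():
    return ec.generate_private_key(ec.SECP256R1())


def issue(subject_cn, subject_key, issuer_cn, issuer_key, ca, days=365):
    """The issuer signs the subject's public key; a root is self-signed (subject == issuer)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject_cn)]))
        .issuer_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, issuer_cn)]))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=days))
        .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
    )
    return builder.sign(issuer_key, hashes.SHA256())


def signed_by(cert, issuer_cert):
    """True if issuer_cert's public key verifies cert's signature over its TBS bytes."""
    try:
        issuer_cert.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(cert.signature_hash_algorithm)
        )
        return True
    except InvalidSignature:
        return False


def is_ca(cert):
    try:
        return cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        return False


def validity_window(cert):
    # Newer `cryptography` releases expose timezone-aware *_utc properties; fall back otherwise.
    if hasattr(cert, "not_valid_before_utc"):
        return cert.not_valid_before_utc, cert.not_valid_after_utc
    utc = datetime.timezone.utc
    return cert.not_valid_before.replace(tzinfo=utc), cert.not_valid_after.replace(tzinfo=utc)


def chain_is_trusted(chain, trust_anchors):
    """chain[0] is the server certificate, chain[-1] the root it claims to descend from.
    trust_anchors are the roots the client already holds (the browser's store)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    for cert in chain:
        not_before, not_after = validity_window(cert)
        if not (not_before <= now <= not_after):
            return False
    # Every link: issuer name matches the next cert, that cert is a CA, signature verifies.
    for cert, issuer in zip(chain, chain[1:]):
        if cert.issuer != issuer.subject or not is_ca(issuer) or not signed_by(cert, issuer):
            return False
    root = chain[-1]
    if root.subject != root.issuer or not signed_by(root, root):
        return False
    # A perfectly well-formed chain still fails if its root is not one we trust.
    return any(root == anchor for anchor in trust_anchors)


def build_demo():
    """Constructed sample: one legitimate chain, one from an untrusted root, one with a gap."""
    root_key, inter_key, server_key = new_key(), new_key(), new_key()
    root = issue("Example Root CA", root_key, "Example Root CA", root_key, True, days=3650)
    inter = issue("Example Issuing CA", inter_key, "Example Root CA", root_key, True, days=1825)
    server = issue("shop.example.test", server_key, "Example Issuing CA", inter_key, False)
    evil_key, evil_server_key = new_key(), new_key()
    evil_root = issue("Dr. Evil Root CA", evil_key, "Dr. Evil Root CA", evil_key, True)
    evil_server = issue("shop.example.test", evil_server_key, "Dr. Evil Root CA", evil_key, False)
    return {
        "trust_anchors": [root],
        "good_chain": [server, inter, root],
        "untrusted_root_chain": [evil_server, evil_root],  # same CN, root not in the store
        "missing_link_chain": [server, root],              # intermediate omitted
    }


if __name__ == "__main__":
    demo = build_demo()
    for name in ("good_chain", "untrusted_root_chain", "missing_link_chain"):
        print(name, chain_is_trusted(demo[name], demo["trust_anchors"]))
```

The third case is the one Tomcat administrators hit most often in practice: the server certificate is valid and its CA is trusted, but the intermediate certificate was never installed alongside it, so the client cannot connect the server certificate's issuer name to the root it holds and the chain fails.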
