Fly to San Francisco International Airport, flash two pieces of plastic, and you can drive away with a brand new car worth more than $20,000. The only assurance that the car rental agency has that you will return its automobile is your word—and the knowledge that if you break your word, they can destroy your credit rating and possibly have you thrown in jail.

Your word wouldn’t mean much to the rental company if they didn’t know who you are. It’s those pieces of plastic, combined with a nationwide computer network that reports if they are stolen, that gives the car rental firm and its insurance company the ability to trust you.

Digital certificates are designed to provide this same sort of assurance for transactions in cyberspace. Their effectiveness comes from a marriage of public key cryptography, a carefully created and maintained public key infrastructure (PKI), and the legal system.

This chapter describes how digital certificates work; it explains the role of the certification authorities (CAs) that issue the certificates; it explains the difference between client and server certificates; and it ends with some real-world observations about the role and usefulness of the digital signature technology.