What’s a certificate?
A certificate is an attachment to an electronic document that allows the safe transfer of information over the internet. Certificates are used by web browsers and mail and texting apps.
When you communicate with a secure site, the information exchanged with the site is encrypted. This protects your login information, credit card numbers, addresses and other secure data.
In macOS, certificates are part of your digital identity and are stored in your keychain. Keychain Access lets you manage your certificates and keychains.
Certificates are issued by trusted organisations, such as VeriSign, Inc. or RSA Data Security, Inc. When you go to a secure website, macOS checks the site’s certificate and compares it with certificates that are known to be legitimate. If the website’s certificate is not recognised, or if the site doesn’t have one, you receive a message.
The validity of a certificate is verified electronically using the public key infrastructure, or PKI. Certificates consist of your public key, the identity of the organisation, the certificate authority (CA) that signed your certificate, and other data that may be associated with your identity.
A certificate is usually restricted for particular uses, such as digital signatures, encryption and use with web servers. This is called the “key use” restriction. Although it’s possible to create one certificate for multiple uses, it’s unusual to make one for all possible uses. Creating a certificate for multiple uses is also less secure.
A certificate is valid only for a limited time; it then becomes invalid and must be replaced with a newer version. The certificate authority can also revoke a certificate before it expires.
If you need to send a certificate to someone, you can export it using Keychain Access then send it via email or by other means. Likewise, if someone sends you a certificate, you can add it to your keychain by dragging it onto the Keychain Access icon, or by using the Import menu in Keychain Access.