As far as I know, a digital certificate contains information about a user or firm that has been vouched for by a trusted organization.

https://www.geeksforgeeks.org/digital-signatures-certificates/ says

Digital certificate is a file that ensures holder’s identity and provides security.

If person A holds the digital certificate of person B, can A impersonate B?

How does a digital certificate prevent impersonation by someone holding another's certificate? For example, when using certificates to authenticate a web server, how can a digital certificate prevent that server from impersonating another web server by holding the other's certificate?

Thanks.

Tim

  • The description you quoted is a slight oversimplification. It's more that the _certificate_ holds the _identity_ of the person/entity being validated (e.g. a web-server address), and the _private key_ _authenticates_ (via the cryptographic process [mti2935's answer](https://security.stackexchange.com/a/225501/61744) mentions) that the certificate is being used by the person/entity it was issued to. – TripeHound Feb 07 '20 at 13:57

1 Answer

No. Possession of the certificate alone is not enough to authenticate a user. The user must also have possession of the private key corresponding to the public key in the certificate, and must complete some cryptographic operation using that private key, to prove that they have possession of the private key. See "Could a stolen certificate show as trusted?" for more information.

mti2935