A certificate is more than just an RSA key for authentication. It also carries a unique serial number for easy reference and an identity, which can be a person, computer, or group. The certificate binds the identity to the RSA key. It also contains the time period for which this binding is considered valid, and it can contain information on where to verify the certificate. Finally, a purpose or group limitation can be included in the certificate.
A certificate is given out by an issuer. To prevent forgery, the entire certificate is protected by a cryptographic signature. Certificates enable us to:
Hand out digitally signed identities for hosts and users
Set a duration for the validity of the credentials (begin and end time)
Revoke an identity
Create a hierarchical structure for decision making (such as access restrictions)
Manage large numbers of identities
Delegate the management of these identities hierarchically
Set up trust relationships between...
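The fields described above can be seen by issuing a certificate and reading it back with the OpenSSL command line. This is an added example, not taken from the original text; the CA name, the host name gw1.example.test, the CRL URL and the serial number are constructed placeholders.

```shell
#!/bin/sh
# Added example: all names, URLs and the serial number are constructed placeholders.
set -e
W=$(mktemp -d)

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$W/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# Host extensions: a purpose limitation and where to check revocation.
cat > "$W/host.ext" <<'EOF'
extendedKeyUsage = serverAuth
crlDistributionPoints = URI:http://ca.example.test/crl.pem
EOF

# Issuer: a self-signed CA certificate.
openssl req -x509 -config "$W/ca.cnf" -newkey rsa:2048 -nodes \
  -keyout "$W/ca.key" -out "$W/ca.crt" -days 30 2>/dev/null

# Identity: the host generates its RSA key and a signing request.
openssl req -new -config "$W/ca.cnf" -subj "/CN=gw1.example.test" \
  -newkey rsa:2048 -nodes -keyout "$W/host.key" -out "$W/host.csr" 2>/dev/null

# The CA binds identity to key: serial 0x1001, valid 7 days, signed by the CA.
openssl x509 -req -in "$W/host.csr" -CA "$W/ca.crt" -CAkey "$W/ca.key" \
  -set_serial 4097 -days 7 -extfile "$W/host.ext" -out "$W/host.crt" 2>/dev/null

cert_serial()  { openssl x509 -in "$W/host.crt" -noout -serial; }
cert_subject() { openssl x509 -in "$W/host.crt" -noout -subject; }
cert_crl_url() { openssl x509 -in "$W/host.crt" -noout -text | grep -o 'URI:.*'; }
# Exit 0 if the certificate is still inside its validity period $1 seconds from now.
cert_valid_in() { openssl x509 -in "$W/host.crt" -noout -checkend "$1" >/dev/null; }
# Exit 0 if the signature chains to the CA and the purpose $1 is permitted.
cert_ok_for() { openssl verify -purpose "$1" -CAfile "$W/ca.crt" "$W/host.crt" >/dev/null 2>&1; }

cert_serial; cert_subject; cert_crl_url
cert_valid_in 0 && echo "valid now"
cert_valid_in 691200 || echo "no longer valid 8 days from now"
cert_ok_for sslserver && echo "accepted for server authentication"
cert_ok_for sslclient || echo "rejected for client authentication"
```

The last two checks use the same CA signature; only the purpose limitation in the certificate makes the second one fail.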