Certificates and PKI
A PKI certificate is a digital document issued by a CA that verifies the identity of a certificate subject and binds the identity to a public key. Each certificate has a corresponding private key that is stored separately. The public key and private key form an asymmetric key pair that can be used for data encryption and identity authentication. A CA signs the certificate to verify that entities that trust the CA can also trust the certificate.
Depending on the device capabilities and activation type, devices and apps can use certificates to:
- Authenticate using SSL/TLS when connecting to webpages that use HTTPS
- Authenticate with a work mail server
- Authenticate with a workWi-Finetwork or VPN
- Encrypt and sign email messages using S/MIME protection
Multiple certificates used for different purposes can be stored on a device.