Which of the following is TRUE about digital certificate?

A.
It is the same as digital signature proving Integrity and Authenticity of the data

B.
Electronic credential proving that the person the certificate was issued to is who they claim to be.

C.
You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user.

D.
Can’t contain geography data such as country for example.

Explanation:
Each person who wants to participate in a PKI requires a digital certificate, which is a credential that contains
the public key for that individual along with other identifying information. The certificate is created and signed
(digital signature) by a trusted third party, which is a certificate authority (CA). When the CA signs the
certificate, it binds the individual’s identity to the public key, and the CA takes liability for the authenticity of that
individual. It is this trusted third party (the CA) that allows people who have never met to authenticate to each
other and to communicate in a secure method. If Kevin has never met Dave but would like to communicate
securely with him, and they both trust the same CA, then Kevin could retrieve Dave’s digital certificate and start
the process.
Incorrect Answers:
A: A digital certificate is not the same as a digital signature proving Integrity and Authenticity of the data. A
digital certificate binds a key to an identity.
C: It is not true that you can only get a digital certificate from Verisign, RSA if you wish to prove the key belong
to a specific user; you can get a digital certificate from any CA. The CA needs to be trusted however for the
certificate to be effective. The CA can be one of many ‘public’ CAs or it can be part of a private PKI.D: A digital certificate can contain geography data such as country for example.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 834