Digital certificates allow a user who doesn't know your company to exchange information with your Web site privately, without others being able to read it.
In order for this communication to take place, both computers must exchange digital keys. To prevent others from seeing those keys, a mathematical system called public key cryptography* is used.
With this system, each computer has a pair of mathematically related keys (large numbers): a private key and a public key. The concept is that data "closed" with the public key can only be "opened" with the private key. This way, if your browser* and the Web site server exchange public keys, each of them can "close" the data it sends to the other. Only the intended recipient will be able to understand ("open") it, ensuring private communication.
However, a hacker may intercept the initial key exchange and replace each of the public keys with his own, thereby being able to eavesdrop on all communication without being noticed. This is called a man-in-the-middle attack*.
To prevent this, the public key of at least one of the communicating parties should be authenticated by known and trusted parties. Those parties are called Certification Authorities* (CAs). An SSL/EV digital certificate* holds some information about its owner (including its public key), cryptographically signed* by the Certification Authority. The browser can now make sure that the certificate presented to it by the server really belongs to that site and hasn't been replaced.
Digital certificates are therefore the final piece of the puzzle that makes secure e-commerce work.
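The check described above, as an added example that is not part of the original page: a CA signs the owner's name together with the owner's public key, and the browser rejects a certificate whose key was replaced or that was signed by anyone other than the trusted CA. The function names, the certificate layout and the sample keys are assumptions made for illustration, and the textbook RSA used here stands in for the real signature algorithms.

```python
import hashlib

# Textbook RSA over well-known Mersenne primes: illustration only, with no
# padding and keys far too small for real use.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)              # (public key, private key)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    n, d = private_key
    return pow(digest(data, n), d, n)

def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)

def signed_fields(owner, public_key):
    # What the CA signs: the owner's name bound to the owner's public key.
    return f"{owner}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(signer_private, owner, public_key):
    return {"owner": owner, "public_key": public_key,
            "signature": sign(signer_private, signed_fields(owner, public_key))}

def browser_accepts(cert, expected_owner, trusted_ca_public):
    # Accept only if the name matches the site being visited and the trusted
    # CA's signature covers exactly this name and this public key.
    fields = signed_fields(cert["owner"], cert["public_key"])
    return (cert["owner"] == expected_owner
            and verify(trusted_ca_public, fields, cert["signature"]))

# Constructed sample keys and names (not real certificates).
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SITE_PUB, SITE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**31 - 1, 2**61 - 1)

genuine = issue_certificate(CA_PRIV, "www.example.com", SITE_PUB)
swapped_key = dict(genuine, public_key=OTHER_PUB)  # key replaced in transit
self_signed = issue_certificate(OTHER_PRIV, "www.example.com", OTHER_PUB)

if __name__ == "__main__":
    for label, cert in [("genuine", genuine), ("swapped key", swapped_key),
                        ("self-signed", self_signed)]:
        print(label, browser_accepts(cert, "www.example.com", CA_PUB))
```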
Amongst other technical data, the SSL/EV digital certificate will include the full name of its owner, and the city, region and country where it is headquartered. This is information that the Web site visitor may see to learn more about you.
The lengths to which a CA goes to authenticate this information and the public key are what distinguish an SSL certificate from an EV (Extended Validation) certificate*. Due to market pressure, CAs have been simplifying the process of obtaining a digital certificate, which allowed hackers to claim to be someone else and get certificates. EV certificates cannot be expedited and require documented proof of ownership and real-life phone contact with the requesting party in order to be issued.
Digital certificates cost what they do because of the authentication process itself, because of the credibility CAs risk losing if their authentication procedures fail and they fall victim to fraud, and in order to create a cost barrier for hackers.