As an example, let’s say your bank wants to send you your bank account balance.
That is, when you use your X.509 certificate with someone who needs to verify your identity, you both trust that a certain Certificate Authority has validated your identity.
Because the 3rd party trusts that the CA verified you, they in turn trust that your X.509 certificate really represents you and only you.
It does this via a mathematical concept known as cryptography basically means that one key is used to lock up data, but an entirely different key is used to unlock the data.
Asymmetric Key cryptography is also known as Public/Private Key cryptography for this reason: one of the two asymmetric keys can be freely given out to the world at large; anyone can see and use it, which is why it is called the ‘public’ key.
The bank can use your key to encrypt your bank account balance.
The encrypted data can be safely emailed directly to you (maybe as a file attachment), because it is all ‘jumbled up’ and no one can make sense of it (remember that public keys can not unlock data that was previously locked with the same public key).There are well-known global and public Certificate Authorities, such as Verisign and Digicert.But a Certificate Authority can also be any party that both you and the person verifying you agree to as trusted.Many companies have their own private Certificate Authorities used to verify employee identities, for example.In addition to verifying your identity, X.509 certificates can also be used to secure data intended for you so that prying eyes won’t be able to see it.Note: This content applies to the EWS Managed API 2.0 and earlier versions.