An attestation is the act of confirming that a digital document has been issued by an organization.

By verifying that the signature on digital documents matches the issuing organization, certificates are more secure than handwritten signatures. A certificate attestation can be used as proof or legal evidence. They’re also one of the most significant steps to ensuring online safety and security.

The following is an example of the attestation process:

Step 1. An organization asks a qualified authority to issue a certificate to its employees.

Step 2. The qualified authority confirms the identity of the organization, which involves several steps to ensure the request is legitimate. This includes checking key information such as names, contacts, and other details provided by the organization against various state-approved databases. The authority also examines financial records and other documents to ensure everything matches up. Only when all vetting requirements are satisfied it will issue a certificate that’s valid for an indefinite period of time (commonly 5 or 10 years).

Step 3. The organization receives the attestation and applies it to all documents that require a verified signature.

“Attestation certificate” is a term often used interchangeably with it. They both refer to the same type of certification, which is verification of an organization or individual’s identity or credentials by a qualified authority. Commonly, the term it applies to both personal and corporate certificates of identity. Examples of such certificates include:


The main purpose is two-fold:

There are two types of certificate attestation: third-party and self-signed certificates.

Third-party attestation involves a certificate authority (CA) issuing a certificate to an organization, which the organization then uses to prove its identity. Third-party certificates are preferable because they’re issued by an organization with the reputation for credibility and trustworthiness.

The CA issues its own digital certificates to ensure that their own services are protected from security threats. This prevents attackers from impersonating the CA, which would otherwise allow them access to user information or leak private keys that could be used for spoofing.

Self-signed certificates are also called self-issued certificates. They’re digital documents issued by any individual or organization without consulting a third party CA. They’re often used for internal purposes, such as email encryption, website security, and software protection.

The main difference between self-issued certificates and third-party certificates is that third-party certificates are verified by a reputable CA. Thus, they carry more credibility than self-issued certificates. This makes them easier to trust in both business and personal transactions.

Attestation can be performed by public authorities (CA), the private sector (businesses) or individuals (consumers).

Third-party attestation is usually performed by common authorities of various countries. These are often called “root CAs”. For various reasons, the list of trusted CAs is not static. Thus, the current list of trusted or commonly used prominent root CAs varies from one country to another.