Certificates allow you to 'sign' communications so that you can ensure that they are coming from a trusted source. Whenever you visit a secure website, it has a certificate, signed by one of the big certificate companies like Thawte or VeriSign, who have checked that these people are who they say they are; thus if you trust Thawte / VeriSign, you can trust these people.
Then you can view the certificate and decide that yes, these people are who they say they are, and you can carry out some transaction with them.
You need it to ensure that the person you are communicating with is who they claim to be. The only way you can do this is to get a third party whom you trust to validate them as genuine.
Public / private keys belong to what is known as asymmetric encryption. In normal symmetric encryption, you encrypt data with one passphrase (or key) and decrypt it with the same.
In public / private encryption (also known as PKI) you generate TWO keys. The private key you never, ever give out; the public key can be freely given out. These two keys are mathematically derived from each other in such a way that you can't get the private key knowing the public key. Here's an example of how they work:
You want to email me something confidential. You encrypt the message to my public key (which is freely available). When I get the message, I decrypt it with my PRIVATE key, which nobody else has, and which is the only key that can decrypt it.
Another way this works is to 'sign' a message. I want to post a message, and you want to check that it is really from me.
I encrypt it with my PRIVATE key, and then when you want to check it, you can decrypt it with my public key. If it decrypts properly, the message was from me; no key other than my public key will decrypt it.
Read here: www.articsoft.com/wp_pki_intro.htm
In Windows 2000+, a standalone CA is a certificate authority server (which distributes and manages certificates) without integrating with Active Directory. The enterprise CA is closely tied in with Active Directory and publishes certificates etc. through there.
Read here: alacris.com/products/products_idNexus_ms_features.htm