When we think of a VPN, often our first thought is the encryption of user data. Encryption addresses attackers who intend to read the data; however, an attacker could also record a conversation and then replay it among the participants. What we need is a way to ascertain the source of the original data, and that is where digital signatures and certificates come in.
To build a digital signature, a public key encryption system must be in place.
Creating a digital signature entails applying a hash function to the message in combination with a known secret key; this mathematical function generates a fixed-length output known as a digest.
The receiver recalculates the hash and compares it with the signature after applying the public key. If the two match, then, since only the originator can know the hash function and the private key, the message must be original.
A digital certificate is produced using some known information such as name, address, mother's maiden name, house number, National Insurance number, or indeed anything. This information is added to the public key and then used as the input to a hash function to create a digest, which is then encrypted using the private key via a secure encryption system such as RSA or AES.
A digital certificate can be validated by passing it through public key encryption with the public key for the user to generate a digest. This can be compared with the digest calculated from the claimed identity of the user and their public key. If the two calculations produce the same result, then the certificate is valid. Digital certificates are added to the message to verify the authenticity of the message source.
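The sign-and-verify flow and the certificate check described above, as an added example that is not part of the original article. It uses unpadded textbook RSA over SHA-256 with demo keys built from publicly known Mersenne primes, and it assumes the certificate is signed by a separate issuer key; all function names and sample values are hypothetical and constructed for illustration.

```python
import hashlib

# Demo-only keys built from publicly known Mersenne primes (constructed for
# this example; trivially factorable, unpadded RSA: never use for real traffic).
ISSUER_PRIMES = (2**521 - 1, 2**607 - 1)
USER_PRIMES = (2**1279 - 1, 2**2203 - 1)

def make_key(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d))."""
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent
    return (p * q, e), (p * q, d)

def digest(data: bytes) -> int:
    """Fixed-length SHA-256 digest of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private) -> int:
    """Hash the data, then apply the private key to the digest."""
    n, d = private
    return pow(digest(data), d, n)

def verify(data: bytes, signature: int, public) -> bool:
    """Apply the public key to the signature; compare with a fresh digest."""
    n, e = public
    return pow(signature, e, n) == digest(data)

def cert_body(identity: str, public) -> bytes:
    """Identity details joined with the public key they are bound to."""
    return f"{identity}|{public[0]}|{public[1]}".encode()

def issue_certificate(identity: str, subject_public, issuer_private) -> dict:
    """Sign identity + public key together (issuer key is an assumption)."""
    return {"identity": identity, "public": subject_public,
            "signature": sign(cert_body(identity, subject_public), issuer_private)}

def validate_certificate(cert: dict, issuer_public) -> bool:
    """Recompute the digest from the claimed identity and key, then compare."""
    body = cert_body(cert["identity"], cert["public"])
    return verify(body, cert["signature"], issuer_public)

if __name__ == "__main__":
    issuer_pub, issuer_priv = make_key(*ISSUER_PRIMES)
    user_pub, user_priv = make_key(*USER_PRIMES)
    msg = b"route 10.0.0.0/8 via tunnel0"  # constructed sample message
    sig = sign(msg, user_priv)
    cert = issue_certificate("name=Alice Example", user_pub, issuer_priv)
    print("message ok:", verify(msg, sig, cert["public"]))
    print("tampered ok:", verify(msg + b"!", sig, cert["public"]))
    print("certificate ok:", validate_certificate(cert, issuer_pub))
```

A replayed copy of a signed message still verifies, so replay protection needs a sequence number or timestamp inside the signed data.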