I am trying to get my head round server certificates. Am I right in saying:
A certificate binds to the requester (ie client), to prove their identity. The certificate at the time of creation is for a certain security so if the name of the server changes, the certificate is invalid. So for an SSL cert, SSL can not be used.
Is this how a certificate works? How does it improve security for both server and client?
Certificates prove trust in only one direction and only say "the group that granted this certificate believe that this organization is who they claim to be".
The tine criteria is part of the vetting process. Just because something is good today says nothing about tomorrow.
The certificate store is simply a list of groups trusted to make this claim. The store varies between .applications, os etc.
Server and client certificates are the same thing, just used differently. The trust us established the same way.
You want to see the question How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it? from the Security.SE website and also What is an SSL certificate intended to prove, and how does it do it?. Those will explain how SSL works as a whole along with how certificates are involved.
I don't know why I even started typing this answer as my knowledge is so scant, im only going to make myself look stupid, but here goes...
Basically SSL Server certificates combine 2 principles which are of benefit for the process of security between 2 remote parties on the internet.
The first is to prove the identity of the certificate holder, and the second is to encrypt the traffic using public key cryptography.
Starting with the second;
public key cryptography is a form of secrecy for data that involves a 2 part system in which there is a private secret key, and a public key. Anyone can use public key to communicate securely with the holder of the private key and this is good, and vice versa, because then no one can steal your credit card details.
However this doesn't guarantee the identity of the other party - when you put your credit card details into the web page, you not only want to be sure that no one on the internet can see it, you also want to be sure that the recipient is actually who they say they are, such as amazon or playboy tv.
The SSL server certificate is signed by a certificate authority that you have elected to trust by virtue of the fact that you trust microsoft, who have installed root certificates into your browser that they in turn trust.
So in summary a server certificate is essentially a proof that someone you trust implicitly, trusts them explicitly.
(and the certificate contains the other parties public key which you can use to encrypt stuff)
It really depends on what type of certificate you are talking about. In your question you mention server certificates. These would improve your security by proving to the CLIENT that your server is who it claims to be. This could be internally for communication between servers or externally for accessing a website (via SSL). Additionally, the certificate allows the communication between the two parties to be encrypted so that it can't be read by sniffing the traffic.
There are client certificates that are used to prove that you are who you say you are, or for encrypting files (say for example EFS certs on Windows).
Regardless of the type and use, the general security benefit is prove of identity and encryption of data.