A participant (14) in electronic commerce can validate his/her own certificate (24, 31) by accessing an authority (28, 32) that checks whether the participant's certificate is valid. If the certificate is valid, the authority embeds with the participant's terminal (12) a block of data, in the form of a Cookie (28, 30) that includes a plurality of attributes indicative of the certificate, for example, the certificate's date of expiration. When accessing a secure application (16), the participant presents both the certificate and the authenticating Cookie, obviating the need for a real-time inquiry to the authority, unless the Cookie is stale or missing.