The following are a few certificate types:
- CA Certificates
- Server Certificates
- Client Certificates
- S/MIME Certificates
- Object Signing Certificates
CA Certificates:
CA certificates, a.k.a. root certificates, either belong to a certificate authority that issues certificates to all users in a public key infrastructure, or are self-signed certificates whose subject and issuer are the same. Client and server software use CA certificates to determine which other certificates can be trusted.
Famous Roots:
Thawte root, VeriSign, GoDaddy, etc.
Where can you view the list of trusted root certificates:
Open the Internet Explorer browser -> Tools -> Internet Options -> Content -> Certificates -> Trusted Root Certification Authorities.
[Image: trusted certificates list in Internet Explorer]
If the certificate is not in the trusted list and the user tries to access a resource over HTTPS, the browser shows a warning that the certificate is not from a trusted site.
[Image: warning from the IE browser]
Server Certificates:
Server certificates are used to establish a secure connection between the client (browser) and the web server.
This information allows the browser to validate the web server.
Generally, server certificates are issued to a machine name or web server name.
Where can I see the server certificate:
Click on the HTTPS icon on any site that uses an HTTPS connection to view it.
For example, Blogger uses the server certificate below:
That tells the user that their interaction with the web site has no eavesdroppers and that the web site is exactly who it claims to be.
Client Certificates:
During an SSL transaction, the web server sometimes also wants to validate the user before serving the web page. This is where client certificates are used.
The user authenticates to the server with a client certificate; this authentication requires a client certificate in X.509 format from a CA.
[Image: sample client certificate details]
Client certificate authentication eliminates the disadvantage of having weak passwords.
S/MIME Certificates:
S/MIME stands for Secure/Multipurpose Internet Mail Extensions. It provides a method to send and receive messages, namely email, and is used for encryption and decryption of mail.
Famous examples include S/MIME certificates on BlackBerry.
Webmail clients (Gmail, Hotmail, Yahoo) do not support S/MIME certificates.
Desktop email clients like Microsoft Outlook and Mozilla Thunderbird support S/MIME certificates.
Object Signing Certificates:
All programmers will know about this. These are used to sign DLLs (dynamic-link libraries), JARs and any software that is shipped to customers.
Most enterprise software is signed for integrity checking.
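As an added example (not part of the original post), the Go program below uses the standard crypto/x509 package to show how the certificate types above are enforced in practice: the trusted-root list decides whether a chain is accepted at all, and the extended key usage inside the certificate decides whether it may act as a server, client, S/MIME or object signing certificate. The helper names `Issue` and `ValidFor`, the subject names and the throwaway keys are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue builds a constructed sample certificate; a nil parent yields a self-signed CA certificate.
func Issue(cn string, eku []x509.ExtKeyUsage, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, ExtKeyUsage: eku,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, pkey = t, key // self-signed: subject and issuer are the same
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c, key
}

// ValidFor reports whether c chains to root, the only trusted root, and is allowed the given usage.
func ValidFor(c, root *x509.Certificate, use x509.ExtKeyUsage) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := c.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{use}})
	return err == nil
}

func main() {
	root, rootKey := Issue("Example Root CA", nil, nil, nil)
	other, _ := Issue("Unlisted Root CA", nil, nil, nil)
	srv, _ := Issue("www.example.test", []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, root, rootKey)
	fmt.Println(ValidFor(srv, root, x509.ExtKeyUsageServerAuth), ValidFor(srv, root, x509.ExtKeyUsageCodeSigning), ValidFor(srv, other, x509.ExtKeyUsageServerAuth))
}
```

The server certificate is accepted only as a server certificate and only under the root that issued it; the last case is the situation in which a browser shows the untrusted-certificate warning.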