What are digital certificates?

– A digital certificate is another name for a public key certificate.
– It is, more rarely, also referred to as an identity certificate.
– Digital certificates are an integral part of cryptography.
– They are electronic documents that use a digital signature to bind a public key to an identity.
– The identity might be anything, such as a person’s or an organization’s name, address and so on.
– The certificate verifies which individual the key belongs to.
– Under the typical PKI (public key infrastructure) scheme, the signature on the certificate is that of the CA (certificate authority).
– Under a second scheme called the web of trust (WoT), the certificate is signed either by the user itself (a self-signed certificate) or by other users (endorsements).
– Whatever the scheme may be, the signatures on a certificate are the signer’s attestation that the public key and the identity information belong together.
– From the standpoint of provable security, the system relies on something external to it.
– As a consequence, whatever the public key certification scheme might be, it has to be based on some special setup assumption.
– The existence of a CA is an example of such an assumption.
– Using tools such as OpenSSL’s ca command, we can create certificates for UNIX-based servers.
– Another such tool is SuSE’s gensslcert.
– These commands can be used for issuing unmanaged certificates as well as CA certificates that are used for managing other certificates.
– They are also used for managing the digital certificate requests that have to be signed by the certificate authority.
– These commands have other functions as well.
– A certificate authority is included as part of the certificate services in Microsoft Windows 2000 and 2003 servers.
– However, in Windows Server 2008, the certificate authority is included with Active Directory Certificate Services.
– The CA helps in managing the certificates and issuing them to computers or users.

– Microsoft offers a number of certificate utilities, such as the following:

  • SelfSSL.exe: for the creation of unmanaged certificates.
  • certreq.exe: for the creation and submission of certificate requests to get them signed by the CA.
  • certutil.exe: for a number of other functions related to certificates.

– However, in Mac OS there is no separate certificate authority.
– Rather, the certificate services are provided by its keychain manager application, whose basic function is to keep track of the log-in and other credentials of the users.

Contents of Digital Certificate

Following are the contents of a digital certificate:
– Serial no.: for the unique identification of the certificate.
– Subject: the entity or the person to be identified.
– Signature algorithm: the algorithm used for creating the signature.
– Signature: the actual signature, for verifying whether the user is the correct one.
– Issuer: the entity that verifies the information concerning a certificate and issues it.
– Valid from: the date from which the certificate is valid.
– Valid to: the last date of validity of the certificate.
– Key usage: the purpose of the key (such as certificate signing, signature or encipherment).
– Public key
– Thumbprint algorithm: the algorithm used for hashing the public key certificate.
– Thumbprint: the hash of the public key certificate, used as its abbreviated form.
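
As an added example (not part of the original article), the following shell script uses the OpenSSL command-line tool to create a self-signed certificate and read back the fields listed above. The subject name, file names and function names are constructed for the demonstration.

```bash
#!/bin/sh
# Added example, not from the original page; names and paths are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CERT="$WORK/demo-cert.pem"

# Create a self-signed ("unmanaged") certificate: $1 = cert path, $2 = key path.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/O=Example Org/CN=demo.example.test" \
        -keyout "$2" -out "$1" 2>/dev/null
}

# Print one field of $CERT; $1 is an output flag of `openssl x509`.
field() { openssl x509 -in "$CERT" -noout "$1" | sed 's/^[^=]*=//'; }

# Signature algorithm named in the certificate (first match in the text dump).
sig_alg() {
    openssl x509 -in "$CERT" -noout -text |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# The thumbprint is not stored in the certificate: it is a hash computed over
# the certificate's DER encoding by whoever inspects it.
thumbprint() {
    openssl x509 -in "$CERT" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# The same value as reported by openssl itself, normalised to lowercase hex.
reported_thumbprint() {
    openssl x509 -in "$CERT" -noout -fingerprint -sha256 |
        sed 's/^[^=]*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Self-signed means the issuer and the subject are the same name.
is_self_signed() { [ "$(field -subject)" = "$(field -issuer)" ]; }

# Verify the signature on $CERT, trusting the issuer certificate given in $1.
signature_ok() { openssl verify -CAfile "$1" "$CERT" >/dev/null 2>&1; }

make_cert "$CERT" "$WORK/demo-key.pem"
echo "Serial no.:          $(field -serial)"
echo "Subject:             $(field -subject)"
echo "Issuer:              $(field -issuer)"
echo "Valid from:          $(field -startdate)"
echo "Valid to:            $(field -enddate)"
echo "Signature algorithm: $(sig_alg)"
echo "Thumbprint (SHA-256): $(thumbprint)"
```

A second certificate created with the same subject name does not pass `signature_ok` as the issuer of the first one, because the signature is checked against the issuer's public key and not only against its name.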

VeriSign uses the concept of classes for several types of digital certificates, as listed below:
– Class 1: basically for emails sent by individual users.
– Class 2: for organizations which require a proof of their identity.
– Class 3: for servers and software signing. The CA performs an independent verification and check of the authority and identity.
– Class 4: for companies making online business transactions.
– Class 5: for private organizations or governmental security.
