What are certificates

CostOS, like many applications these days, is composed of various parts that communicate with each other over a network. This communication could be intercepted by a malicious agent who could acquire confidential information.

...

An SSL Certificate is an electronic document with two parts, the private key and the public certificate. The private key is stored on the server that provides a service and should not be accessible by anyone else. The public part, on the other hand, is distributed to the clients of that server.

Trusted Certificates

A Certificate Authority is usually a commercially provided service, but an organization can also host such a service itself. The Certificate Authority usually has a certificate that is called the Root Certificate. That certificate is usually installed on client Operating Systems and Browsers and is called a Trusted Root Certificate, because the Operating System or the Browser trusts the validity of this certificate.

The Certificate Authority can later issue new certificates upon request. These certificates are signed by the Root Certificate of that authority. These new certificates can in turn be used to sign a third Certificate, and so on. This is called a Certificate Chain. When a Client Program is presented with a certificate, it checks whether it is valid or not by looking up the chain until it finds a Trusted Root Certificate. The certificates that pass such a test are called Trusted Certificates.

Self-Signed Certificates

A Self-signed Certificate is a Certificate that is not signed by a Certificate Authority. Usually programs do not trust such certificates. An end-user or a system administrator can explicitly add such a Certificate to the list of Trusted Certificates.

The Pros of Self-signed Certificates are their cost, which is nil. On the other hand the Cons are that extra administrative work must be done to trust and use such a certificate.
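
The chain lookup and the self-signed case described above, as an added example that is not part of the original page: it uses the standard `openssl` command line to build a throwaway root, intermediate and server certificate, then checks which ones verify against which list of trusted roots. All subject names and file names are constructed for the demo, and it assumes `openssl` is on the PATH.

```shell
#!/usr/bin/env bash
# Constructed demo: every name, key and certificate here is throwaway and made up.
D=$(mktemp -d)

# new_csr <prefix> <common-name>: fresh private key plus a signing request
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
}

# Root CA -> intermediate CA -> server certificate, plus one self-signed certificate.
build_demo_certs() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$D/ca.ext"
  new_csr root "Demo Root CA" &&
  openssl x509 -req -in "$D/root.csr" -signkey "$D/root.key" -days 1 \
    -extfile "$D/ca.ext" -out "$D/root.pem" 2>/dev/null &&
  new_csr int "Demo Intermediate CA" &&
  openssl x509 -req -in "$D/int.csr" -CA "$D/root.pem" -CAkey "$D/root.key" \
    -CAcreateserial -days 1 -extfile "$D/ca.ext" -out "$D/int.pem" 2>/dev/null &&
  new_csr srv "costos.example.test" &&
  openssl x509 -req -in "$D/srv.csr" -CA "$D/int.pem" -CAkey "$D/int.key" \
    -CAcreateserial -days 1 -out "$D/srv.pem" 2>/dev/null &&
  new_csr self "selfsigned.example.test" &&
  openssl x509 -req -in "$D/self.csr" -signkey "$D/self.key" -days 1 \
    -out "$D/self.pem" 2>/dev/null
}

# chain_is_trusted <trusted-roots.pem> <cert.pem> [intermediates.pem]
# Succeeds only when a chain can be built from the certificate up to a trusted root.
chain_is_trusted() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

report() { if chain_is_trusted "$@"; then echo "trusted"; else echo "NOT trusted"; fi; }

build_demo_certs || { echo "certificate generation failed" >&2; exit 1; }
echo "server cert, root trusted, intermediate supplied: $(report "$D/root.pem" "$D/srv.pem" "$D/int.pem")"
echo "server cert, root trusted, intermediate missing:  $(report "$D/root.pem" "$D/srv.pem")"
echo "self-signed cert, only the demo root trusted:     $(report "$D/root.pem" "$D/self.pem")"
echo "self-signed cert, explicitly added as trusted:    $(report "$D/self.pem" "$D/self.pem")"
```

The second line of output shows why a server has to present its intermediate certificates: without them the client cannot walk the chain up to the root it trusts.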

Keystores

A keystore is a collection of Certificates. It can contain public certificates and even private keys. A Windows Operating System has many such keystores, at Computer and User level. Periodically, during Windows Updates, it updates its list of Trusted Root Certificates.

...