Nomitech applications allow the use of SSL; however, Nomitech Support does not provide assistance for configuring it. Consequently, Nomitech cannot guarantee any support for it.

  • If assistance with conversions of certificates is required, please consult with the vendor who provided the certificate.
  • If assistance with configuration is required, please raise a question on Nomitech Support.

What are certificates

CostOS, like many applications these days, is composed of various parts that communicate with each other over a network. This communication could be intercepted by a malicious agent, who could then acquire confidential information.

To secure the communication against such agents, we can use an encryption layer that protects the information in transit against unauthorized access. The industry standard these days is SSL, an encryption layer that encrypts the information and signs it to protect against tampering.

An SSL Certificate is an electronic document with two parts: the private key and the public certificate. The private key is stored on the server that provides a service and should not be accessible by anyone else. The public part, on the other hand, is distributed to the clients of that server.


Trusted Certificates

A Certificate Authority is usually a commercially provided service, but an organization can also host such a service itself. The Certificate Authority usually has a certificate called the Root Certificate. That certificate is usually installed on client Operating Systems and Browsers and is called a Trusted Root Certificate, because the Operating System or the Browser trusts the validity of this certificate.

The Certificate Authority can later issue new certificates upon request. These certificates are signed by the Root Certificate of that authority. These new certificates can in turn be used to sign a third Certificate, and so on. This is called a Certificate Chain. When a Client Program is presented with a certificate, it checks whether the certificate is valid by walking up the chain until it finds a Trusted Root Certificate. The certificates that pass such a test are called Trusted Certificates.


Self-Signed Certificates

A Self-signed Certificate is a Certificate that is not signed by a Certificate Authority. Programs usually do not trust such certificates. An end-user or a system administrator can explicitly add such a Certificate to the list of Trusted Certificates.

The Pros of Self-signed Certificates are their cost, which is nil. On the other hand, the Cons are that extra administrative work must be done to trust and use such a certificate.
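The trust rules from the Trusted Certificates and Self-Signed Certificates sections can be checked with the openssl command line. This is an added example, not part of the original article or of any Nomitech tooling; it assumes openssl is installed, and every name in it (Demo Root CA, costos.example.internal, the file names) is a constructed placeholder.

```shell
#!/bin/sh
# Added example: throwaway certificates, valid for one day, constructed only
# to show how trust is decided. All subject and file names are assumptions.

build_demo_pki() {   # build_demo_pki <directory>
  dir=$1
  # Root certificate of a demo Certificate Authority (acts as the trust anchor).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
  # Server private key and signing request; the private key stays on the server.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=costos.example.internal" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  # The CA signs the request, producing a chain: server.pem -> root.pem.
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/root.pem" \
    -CAkey "$dir/root.key" -CAcreateserial -days 1 \
    -out "$dir/server.pem" 2>/dev/null
  # A self-signed certificate: no Certificate Authority is involved.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=selfsigned.example.internal" \
    -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
}

is_trusted() {       # is_trusted <trusted-root.pem> <certificate.pem>
  # Succeeds only if the certificate chains up to the given trusted root.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo=$(mktemp -d)
build_demo_pki "$demo"
is_trusted "$demo/root.pem" "$demo/server.pem" \
  && echo "CA-signed certificate: trusted through the root"
is_trusted "$demo/root.pem" "$demo/self.pem" \
  || echo "self-signed certificate: not trusted"
is_trusted "$demo/self.pem" "$demo/self.pem" \
  && echo "self-signed certificate: trusted once explicitly added"
rm -rf "$demo"
```

The third check mirrors the administrative step described above: the self-signed certificate only validates after it has itself been placed in the list of trusted certificates.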


Keystores

A keystore is a collection of Certificates. It can contain public certificates and even private keys. A Windows Operating System has many such keystores, at Computer and User level. Periodically, during Windows Updates, it updates its list of Trusted Root Certificates.

A Java installation also has its own keystore. This is also updated during distribution updates.

An administrator can import new certificates into a keystore, as mentioned above.