Certification authority
Download as DOC, PDF0 likes3,792 views
This document discusses certificate authorities (CAs) and provides an example scenario for securing a web server using a CA. It defines a CA as an entity that issues digital certificates for use by other parties in public key infrastructure schemes. There are commercial CAs, as well as CAs run by institutions and governments. The document then describes the process a CA goes through to issue a certificate and how users can verify certificates. It provides a list of common CAs. Finally, it presents a scenario where a web server obtains a server certificate from a CA to secure its SSL port, and clients can obtain client certificates from the CA's website to access the secure site.
![Certificate authority
In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use
by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI)
schemes.
There are many commercial CAs that charge for their services. Institutions and governments may have their own CAs, and
there are free CAs.
Issuing a certificate
A CA will issue a public key certificate which states that the CA attests that the public key contained in the certificate
belongs to the person, organization, server, or other entity noted in the certificate. A CA's obligation in such schemes is to
verify an applicant's credentials, so that users (relying parties) can trust the information in the CA's certificates. The usual
idea is that if the user trusts the CA and can verify the CA's signature, then they can also verify that a certain public key does
indeed belong to whomever is identified in the certificate.
List of certificate authorities
Here is a list of some common certificate authorities (CA). For a CA to be of any use, the client must trust the CA. In case of
a browser visiting a web site with a certificate, the CA for that certificate should ideally be known by the browser. If not, the
user will be asked whether to trust the CA. Some of the CAs below claim to be known by 99% of all browsers.[1]
• VeriSign
• Thawte
• Entrust
• QuoVadis
• GoDaddy
• Cacert (free CA)
• EJBCA
Scenario for Securing the Web Server using CA( Certification Authority)
Socket Address
The combination of the IP Address and Port Number is called as Socket Address.](https://image.slidesharecdn.com/certificationauthority-120329001139-phpapp01/85/Certification-authority-1-320.jpg)
Certification authority
- 1. Certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes. There are many commercial CAs that charge for their services. Institutions and governments may have their own CAs, and there are free CAs. Issuing a certificate A CA will issue a public key certificate which states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users (relying parties) can trust the information in the CA's certificates. The usual idea is that if the user trusts the CA and can verify the CA's signature, then they can also verify that a certain public key does indeed belong to whomever is identified in the certificate. List of certificate authorities Here is a list of some common certificate authorities (CA). For a CA to be of any use, the client must trust the CA. In case of a browser visiting a web site with a certificate, the CA for that certificate should ideally be known by the browser. If not, the user will be asked whether to trust the CA. Some of the CAs below claim to be known by 99% of all browsers.[1] • VeriSign • Thawte • Entrust • QuoVadis • GoDaddy • Cacert (free CA) • EJBCA Scenario for Securing the Web Server using CA( Certification Authority) Socket Address The combination of the IP Address and Port Number is called as Socket Address.
- 2. Steps to Secure the IIS using Certification Authority: 1.Create one web site in IIS Web Server IP 100.0.0.2 M 255.0.0.0 2.Install the Certification Authority Certification Authority Server IP 100.0.0.1 M 255.0.0.0 3.Seuring the Web Server using ( Server Certificate ) a. Obtain Web Server Certificate from Web Server Steps to obtain the Server Certificate : 1.Go to Properties of the Web Server Web site 2. Select the Directory Security -> Server Certificate -> Next -> Create a new Certificate ->Send the Request Immedate to the online Certification Authority -> Next ………. 3.Go to Properties of the Web Server Web site -> Genral -> SSL Port 1234 -> OK 4.Try to access the web site at the client side. ( The Response is : The must be viewed over a secure Channel ) Steps to download the Client Certificate from the Certification Authority Client can use the Certification Authority Web site to download the Client Certificate Steps to download : 1. mmc -> console-> add/Remove snap-in -> add -> Certificates -> My user Account -> OK SSL ( Secure Socket Layer ) pronounced as separate letters) Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.By convention, URLs that require an SSL connection start with https. Meer Shahnawaz ( Abdullah ) Netmetric Solutions ,
- 3. # 101 ALI Manor , Masab Tank , Hyderabad.