Jump to content

Certificate authority: Difference between revisions

From ICANNWiki
Tehreem (talk | contribs)
No edit summary
Tehreem (talk | contribs)
No edit summary
Line 5: Line 5:
A certificate includes all the information about the owner including his public key, the expiration date of the certificate.<ref>[http://searchsecurity.techtarget.com/definition/certificate-authority SearchSecurity]</ref>
A certificate includes all the information about the owner including his public key, the expiration date of the certificate.<ref>[http://searchsecurity.techtarget.com/definition/certificate-authority SearchSecurity]</ref>


==Authentication==
==Public Key Infrastructure==
Almost all the browsers present today are able to detect if certificate of certain website is expired or it does not have the certificate signed by a known company. In that case a warning message usually appears on the first page saying the problem with the certificate. One can then move on to the website or leave the page right there.
A certificate authority is does not issue certificates alone. Its a part of Public Key Infrastructure ([[PKI]]). Basically a PKI issues and manages security certificates, credential verification, and public key encryption assignments. A CA verifies the credentials of the requester through a registration authority ([[RA]]) and as a part of PKI process, a public key is assigned for encryption. As a last step, an [[SSL Certificate]] is issued encrypted with a digital signature to attest the identity of the requester.<ref>[http://www.entrust.com/certification-authority.htm Entrust]</ref>


==Authentication & Security==
Almost all the browsers present today are able to detect if certificate of certain website is expired or it does not have the certificate signed by a known company. In that case a warning message usually appears on the first page saying the problem with the certificate. One can then move on to the website or leave the page right there.<ref>[http://www.namecheap.com/support/knowledgebase/article.aspx/334/38/what-is-certificate-authority-ca NameCheap]</ref>


[[VeriSign]] and [[DigiCert]] are two known companies in the field of digital certificates. Rest of the reliable companies' list can be read [https://spreadsheets.google.com/pub?key=ttwCVzDVuWzZYaDosdU6e3w&single=true&gid=0&output=html here] and [http://www.dmoz.org/Computers/Security/Public_Key_Infrastructure/PKIX/Tools_and_Services/Third_Party_Certificate_Authorities/ here].<ref>[http://www.namecheap.com/support/knowledgebase/article.aspx/334/38/what-is-certificate-authority-ca NameCheap]</ref>
A CA publishes Certificate Service Policy Statement on their website. It explains the terms of business and details about the issuance of certificates. Prior to buying a digital certificate, this statement should be read in order to determine if the CA is not fraudulent. There are some companies which sign their own certificate, which could mean two things; Either the company is fraud or there is no higher authority to sign its certificate meaning it is the top most company in this infrastructure. In this case, the validity of a company's certificate can be found out by a little search on the company's name.<ref>[http://www.opera.com/support/kb/view/191/ Opera]</ref>


==Public Key Infrastructure==
[[VeriSign]] and [[DigiCert]] are two known companies in the field of digital certificates. Rest of the reliable companies' list can be read [https://spreadsheets.google.com/pub?key=ttwCVzDVuWzZYaDosdU6e3w&single=true&gid=0&output=html here] and [http://www.dmoz.org/Computers/Security/Public_Key_Infrastructure/PKIX/Tools_and_Services/Third_Party_Certificate_Authorities/ here].
A certificate authority is does not issue certificates alone. Its a part of Public Key Infrastructure ([[PKI]]). Basically a PKI issues and manages security certificates, credential verification, and public key encryption assignments. A CA verifies the credentials of the requester through a registration authority ([[RA]]) and as a part of PKI process, a public key is assigned for encryption. As a last step, an [[SSL Certificate]] is issued encrypted with a digital signature to attest the identity of the requester.<ref>[http://www.entrust.com/certification-authority.htm Entrust]</ref>


==References==
==References==

Revision as of 06:06, 9 October 2011

Certificate Authority is a trusted third party company who issues digital certificates and public-private keys as a part of chosen Public Key Infrastructure (PKI). In order to issue these certificates, a CA first consults with a registration authority (RA) such as credit card company to check whether the requester's information is legit. Only after the proper verification, the CA can issue a certificate claiming that the organization or the individual is the one who he claims to be. Having a digital certificate on a website proves the owners identity hence developing a trustworthy environment in business.[1]

A certificate includes all the information about the owner including his public key, the expiration date of the certificate.[2]

Public Key Infrastructure

A certificate authority is does not issue certificates alone. Its a part of Public Key Infrastructure (PKI). Basically a PKI issues and manages security certificates, credential verification, and public key encryption assignments. A CA verifies the credentials of the requester through a registration authority (RA) and as a part of PKI process, a public key is assigned for encryption. As a last step, an SSL Certificate is issued encrypted with a digital signature to attest the identity of the requester.[3]

Authentication & Security

Almost all the browsers present today are able to detect if certificate of certain website is expired or it does not have the certificate signed by a known company. In that case a warning message usually appears on the first page saying the problem with the certificate. One can then move on to the website or leave the page right there.[4]

A CA publishes Certificate Service Policy Statement on their website. It explains the terms of business and details about the issuance of certificates. Prior to buying a digital certificate, this statement should be read in order to determine if the CA is not fraudulent. There are some companies which sign their own certificate, which could mean two things; Either the company is fraud or there is no higher authority to sign its certificate meaning it is the top most company in this infrastructure. In this case, the validity of a company's certificate can be found out by a little search on the company's name.[5]

VeriSign and DigiCert are two known companies in the field of digital certificates. Rest of the reliable companies' list can be read here and here.

References