SSL is a network protocol that allows for secure communication between two parties. This section provides some information on the certificates used in SSL.
See the sections below for information on Certificates:
- What is a Certificate?
- Types of Certificates
- Certificate Format
- Certificate Authority
- Self-Signed Certificate
- Certificate Chain
What is a Certificate?
- The information required to allow two parties to establish a secure connection. The underlying protocol is Secure Sockets Layer (SSL).
- Certificates are generally issued by Certificate Authorities.
- The Certificate contains information about:
- the dates the certificate can be used
- the issuing authority
- public key information
- fingerprints (to confirm validity)
For further information, please see: https://en.wikipedia.org/wiki/Public_key_certificate
Types of Certificates
- An initial request to a certificate authority is made with a Certificate Signing Request (CSR). This normally contains just the public key generated as part of the certificate request process. CSRs by themselves cannot be used.
- An application is normally given a base certificate in order to validate network traffic to that application.
- Intermediate certificates link base certificates to a root certificate. Intermediate certificates may come from a certificate authority or from a specific organization.
- Root certificates are the end point of resolution and of the certificate chain. They are issued by a certificate authority.
Certificate Format
- A certificate by itself can be in *.CSR, *.crt, or *.pem format. These are basic formats that contain just the certificate itself.
- These certificate formats usually also require a private key when configuring an application, so that you configure a certificate and key pair for the application.
- Some key formats combine the key and the certificate information in one file. These are generally *.pfx, *.p12 or *.p7 keys, and they have an associated passphrase for security.
Certificate Authority
- An organization that monitors and issues certificates to enable safe and secure connections.
- Issues root certificates and possibly intermediate certificates to allow for certificate resolution.
For further information, please see: https://en.wikipedia.org/wiki/Certificate_authority
Self-Signed Certificate
- A certificate that did not come from a certificate authority, but is verified by the users themselves.
- Generally not safe and not to be used, but it can be used for some limited testing.
For further information, please see: https://en.wikipedia.org/wiki/Self-signed_certificate
Certificate Chain
- Validating a certificate requires that the base certificate, the intermediate certificate(s), and the root certificate align to form a certificate chain (or chain of trust); certificate resolution follows this chain to confirm that the certificate is valid.
For further information, please see: https://en.wikipedia.org/wiki/Chain_of_trust
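The chain resolution described above, as an added example that is not part of this page or of any CAST product: a small Go program using the standard crypto/x509 package builds a constructed root, intermediate and base certificate, then checks that the base certificate resolves to the root only when the intermediate is supplied and the host name matches. The names Demo Root CA, Demo Intermediate CA and app.example.test are made up for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// mkCert issues a certificate for cn signed by parent; with parent == nil it is self-signed (a root).
func mkCert(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, // constructed serial
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), // validity dates
		IsCA:         isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // only CAs may sign other certificates
	} else {
		tmpl.DNSNames = []string{cn} // a base certificate names the host it protects
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: the certificate is its own issuer
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// BuildDemoChain constructs root -> intermediate -> base certificate (sample PKI, not a real CA).
func BuildDemoChain() (root, inter, leaf *x509.Certificate) {
	root, rootKey := mkCert("Demo Root CA", true, nil, nil)
	inter, interKey := mkCert("Demo Intermediate CA", true, root, rootKey)
	leaf, _ = mkCert("app.example.test", false, inter, interKey)
	return root, inter, leaf
}
// VerifyChain resolves leaf for host to a trusted root via inters; each chain is base, intermediate(s), root.
func VerifyChain(leaf *x509.Certificate, inters, roots []*x509.Certificate, host string) ([][]*x509.Certificate, error) {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	for _, c := range inters {
		interPool.AddCert(c)
	}
	return leaf.Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: interPool, DNSName: host})
}
```

Calling VerifyChain without the intermediate reproduces the common "unknown authority" failure seen when an application is configured with only the base certificate and the root.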