Hi all,
i tried google but was unable to find a decent tutorial on "How Certificate Authority (CA) Works". Any one having any fair idea or link can share with me????
Thanks
Printable View
Hi all,
i tried google but was unable to find a decent tutorial on "How Certificate Authority (CA) Works". Any one having any fair idea or link can share with me????
Thanks
What you should look for is how PKI (Public Key Infrastructure) works. This article from SANS: http://www.sans.org/rr/whitepapers/vpns/764.php should help. Basically, they provide public certificates.
I've added a visual from another SANS paper that doesn't seem available but graphically gives a nice view as to what a CA/RA does. Hope this helps.
mmkahn, MsMittens has it dead on (as usual) but I've got the 20 second answer for you.
CA's verify the identity of the person or organization asking for a certificate. Any fool can install apache, mod_ssl, and open_ssl and put up a website with a certificate...but modern browsers won't (or SHOULDN'T, but that goes beyond my 20 seconds) recognize it as authentic and verified. That's what you pay the CA for, who will check business records, domain registries, etc. before signing a certificate.
Theoretically, of course. I seem to remember Microsoft's public certificate was "stolen" by an imposter at one point. See the MS Security Bulletin here on that one. But the lack of CRL checking by many browsers (I noticed that FireFox has this built-in as an option) means that many fraudulant certificates could be out there...Quote:
That's what you pay the CA for, who will check business records, domain registries, etc. before signing a certificate.
Thanks MsM and Zencoder for quick replies,
@MsM the guide is very informative and now i have a clear picture of what i wanted to know. Can u post the link or name of the pki-ca.jpg's paper.
Thanks
[Edit]
Sorry for the double post, i donot know how it happened.
@MsM Thanks for the link but if u give me the name of paper or title of the paper then i can easily find it.
Thanks again,
[/Edit]
That paper was previously on SANS but seems gone. Here's the link anyways: http://www.sans.org/rr/encryption/PKI_101.php If you find it somewhere, perhaps posting the link of the updated version would be good.
Also, you might be interested to have a look at this page....
http://www.opengroup.org/messaging/G...i_tutorial.htm
Cheers
Thank goodness for the WayBack Machine. I found an archived copy of the paper there: http://web.archive.org/web/200304151...on/PKI_101.php It was called "Public Key Infrastructure (PKI) – 101".
Thanks for the replies guys (esp. MsM)