Thursday, May 1, 2014

Who may verify and who may sign?

Following up on this and this...

  • Again, a CSR authorized by a CA is a PEM.
  • With a PEM alone you may verify a request.
  • With a PEM, a private key, and a password you may sign a request.
  • The PEM and the private key may be kept together for convenience, and their togetherness is called a PFX or P12. See: this
  • Under Certificates at "the console" there should be a folder for "Trusted Root Certification Authorities" which lists all of the CAs that the computer trusts. Unless you've doctored this list, the CAs should largely be the same from computer to computer. Go Daddy is an example of a vendor which is typically a trusted CA. If you interface with a web site that uses SSL (https://www.example.com) with a certificate from a trusted CA, you will not be prompted with "are you sure?" alerts. You will get the alerts if the CA is not trusted but is instead just something random.
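
The verify, sign and PFX bullets above can be exercised with the openssl command-line tool. This is an added example, not part of the original post; it assumes openssl is installed, and every subject name, file name and the passphrase are constructed.

```shell
#!/usr/bin/env bash
# Added example: every subject name and the passphrase below are constructed.
ok() { "$@" </dev/null >/dev/null 2>&1 && echo ok || echo refused; }

pem_demo() (
  pass='constructed-passphrase'
  d=$(mktemp -d) || return 1
  trap 'rm -rf "$d"' EXIT
  # Minimal config so the demo does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
    'prompt = no' '[dn]' 'CN = Demo CA' '[v3_ca]' \
    'basicConstraints = critical,CA:TRUE' > "$d/o.cnf"

  # CA: password-protected private key (ca.key) and public certificate (ca.pem).
  openssl req -x509 -config "$d/o.cnf" -newkey rsa:2048 -days 1 \
    -keyout "$d/ca.key" -passout "pass:$pass" -out "$d/ca.pem" 2>/dev/null || return 1
  # Requester: its own key and a CSR for the CA to authorize.
  openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
    -subj '/CN=www.example.com' -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  # An unrelated self-signed certificate, standing in for an untrusted CA.
  openssl req -x509 -config "$d/o.cnf" -key "$d/srv.key" -days 1 \
    -subj '/CN=Random CA' -out "$d/other.pem" 2>/dev/null || return 1

  # Signing the request: PEM + private key + password.
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -passin "pass:$pass" -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null || return 1
  # The same signing attempt with the PEM only, then with a wrong password.
  pem_only=$(ok openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" \
    -CAcreateserial -out "$d/x.pem")
  bad_pass=$(ok openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" \
    -CAkey "$d/ca.key" -passin pass:wrong -CAcreateserial -out "$d/x.pem")

  # Verifying: the CA's PEM alone is enough; the unrelated PEM does not vouch.
  verify=$(ok openssl verify -CAfile "$d/ca.pem" "$d/srv.pem")
  untrusted=$(ok openssl verify -CAfile "$d/other.pem" "$d/srv.pem")

  # PFX/P12: certificate and private key bundled in one password-protected file.
  openssl pkcs12 -export -in "$d/ca.pem" -inkey "$d/ca.key" -passin "pass:$pass" \
    -out "$d/ca.pfx" -passout "pass:$pass" 2>/dev/null || return 1
  pfx=$(ok openssl pkcs12 -in "$d/ca.pfx" -passin "pass:$pass" -noout)

  echo "verify=$verify untrusted=$untrusted sign_pem_only=$pem_only" \
    "sign_wrong_pass=$bad_pass pfx_readable=$pfx"
)

pem_demo
```

Because the PFX carries the private key, it belongs with whoever signs; anyone who only verifies needs just the PEM.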
