#1 GhostProtocol (Technical Expert)
51 posts, 1605 thanks
Posted 20 September 2011 - 03:18 PM
Often we wondered how HTTPS/SSL certificates work, how they are validated, and if so, who validates them. I come with a small tutorial about CAs. Here you go with it.
How does a certificate authority (CA) work?
When you try to attempt a connection against an HTTPS server (e.g. Gmail), you will be presented the CA for your secure communications between your machine and the server. These certificates are responsible for encrypting and decrypting the traffic between the end-to-end machines. Usually it is called public key cryptography (PKI).
What is in digital certificates?
Digital certificates contain at least the following information about the entity being certified:
• The owner's public key
• The owner's distinguished name
• The distinguished name of the CA that is issuing the certificate
• The date from which the certificate is valid
• The expiry date of the certificate
• A version number
• A serial number
When you receive a certificate from a CA, the certificate is signed by the issuing CA with a digital signature. You verify that signature by using a CA certificate, from which you obtain the public key for the CA. You can use the CA public key to validate other certificates issued by that authority. Recipients of your certificate use the CA public key to check the signature.
Who are certificate authorities?
A certification authority (CA) is an independent and trusted third party that issues digital certificates to provide you with an assurance that the public key of an entity truly belongs to that entity. The roles of a CA are:
• On receiving a request for a digital certificate, to verify the identity of the requestor before building, signing and returning the personal certificate
• To provide the CA's own public key in its CA certificate
• List of CAs: Thawte, VeriSign, Entrust
1. You request the HTTPS page, which holds a trusted CA. Usually our browser does this job.
2. Then the server issues a copy of its own certificate, procured from the third-party CA.
3. Then the client validates the certificate status against the root CA. For that it will use OCSP (Online Certificate Status Protocol).
4. If the CA replies with a positive answer, then the client sends the message back to the server.
5. Then the server sends a digitally signed acknowledgement to the client browser.
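The CA-signing and client-verification steps described in the post, as an added example that is not part of the original post: it builds a throw-away root CA with openssl, issues a server certificate signed by it, prints the certificate fields the post lists, and then checks the signature with the issuing CA's certificate versus an unrelated CA's. All CA and host names are constructed for the demo and belong to no real authority.

```shell
#!/bin/sh
# Added example: a throw-away CA, a leaf certificate, and the checks a client
# performs with the CA public key. Requires the openssl command-line tool.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# A root CA with its self-signed "CA certificate" (the one that carries the CA public key).
make_ca() {
  # $1 = file prefix, $2 = CA name; both constructed, not real authorities
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "/CN=$2" >/dev/null 2>&1
}

# The server sends its public key in a request; the CA signs it and returns the certificate.
issue_leaf() {
  # $1 = prefix of the CA that signs the request
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/leaf.key" \
    -out "$WORK/leaf.csr" -subj "/CN=mail.example.test" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/leaf.crt" >/dev/null 2>&1
}

# Print the fields the post lists: subject DN, issuer DN, validity window, serial number.
show_fields() {
  openssl x509 -in "$WORK/leaf.crt" -noout -subject -issuer -dates -serial
}

# The client-side check: validate the CA signature on the leaf using the CA certificate.
verify_against() {
  # $1 = prefix of the CA certificate the client trusts; echoes "ok" or "fail"
  if openssl verify -CAfile "$WORK/$1.crt" "$WORK/leaf.crt" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

make_ca trusted "Trusted Root CA"
make_ca other "Unrelated Root CA"
issue_leaf trusted
show_fields
echo "against issuing CA:   $(verify_against trusted)"   # ok
echo "against unrelated CA: $(verify_against other)"     # fail
```

The second check fails because the unrelated CA's public key cannot validate a signature made with the issuing CA's private key, which is exactly why a browser only accepts certificates chaining to a CA already in its trust store.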