Generating a Digital Certificate
There are various platforms and types of certificates, each with a different method of generation, but the principles are the same. An issuer called a CA (Certification Authority) generates the digital certificate via software that uses encryption and sends it to the user. Authentication is performed via PKI (Public Key Infrastructure). A public key is issued to the user. A digital certificate is issued with a time limit in which it can be used and has a date on which it expires.
A digital certificate needs to conform to a standard that contains certain standardized information. The most common is an X.509 version 3 certificate. It will contain the following information:
- Version Number
- Serial Number
- Certificate algorithm identifier
- Issuer name
- Validity period
- Subject Name
- Subject public key information
- Issuer Unique identifier
- Subject Unique identifier
- Extensions
- Certification authority digital signature
Exchanging a Digital Certificate
Exchanging the digital certificate is the way that authentication and trust levels are gained. There can be different levels of digital certificate layers that the certificate can be on, especially with network security. Exchanging these certificates happens by a user sending a certificate request to the CA, and it will consist of a public key.
Verifying a Digital Certificate
Once a digital certificate has been issued, there comes a point where the certificate must be validated.
Quick Task – Spend 15 minutes researching how to validate a digital certificate. Make notes of what you discover.
Web browsing
SSL certificates are a way of increasing cybersecurity for anyone browsing web sites. Not all SSL certificates perform the same way with all hardware and software systems, though.
The strength of encryption is determined by the mathematics applied. The size or strength of the encryption key is determined by the number of bits. In the same way that a longer password is harder for hackers to break through, a longer key is harder to break. A 40-bit key, for example, is not going to provide the same strength of protection as a 128-bit key will.
Some types of browsers cannot deal with larger keys. Old versions of Explorer or Netscape browsers, for instance, will not deal with 128-bit encryption with any SSL certificate.
Browsing a web site that has an SSL certificate should be safe, but only if the certificate is a valid and trusted type, where the domain name and certificate are both current and matching.
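The "current and matching" part of that check can be written out in a few lines. The following is an added example, not part of the original material: it assumes the certificate has already been decoded into the dictionary layout that Python's ssl.SSLSocket.getpeercert() returns, uses a constructed sample certificate, and leaves the "trusted" part (verifying the CA signature chain) to the TLS library.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert();
# the names and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.shop.example.test")),
}


def is_current(cert, now):
    """True if 'now' (a timezone-aware datetime) lies inside the validity period."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now.timestamp() <= end


def name_matches(pattern, hostname):
    """Compare one certificate DNS name with a hostname, label by label.
    A '*' is accepted only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def hostname_matches(cert, hostname):
    """True if any DNS subjectAltName entry covers the hostname."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(name_matches(n, hostname) for n in names)


def check_certificate(cert, hostname, now):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if not is_current(cert, now):
        problems.append("outside validity period")
    if not hostname_matches(cert, hostname):
        problems.append("hostname mismatch")
    return problems
```

A wildcard entry covers exactly one extra label, so `*.shop.example.test` matches `a.shop.example.test` but neither `shop.example.test` nor `a.b.shop.example.test`.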
Most common browsers make it very easy to view a website’s certificate.