Public Key Infrastructure and Certificate Services on Windows Server 2003

Trusting CAs
In order for two entities to successfully exchange data that is protected using certificates, both entities must trust the same CA. In other words, by trusting a CA you are in effect trusting that someone else has verified an identity, and that the verification is correct. In Windows, you trust a CA when a copy of the CA's certificate is placed in the Trusted Root Certification Authorities store on your computer. Other operating systems have similar mechanisms.
If you receive a certificate issued by a CA that is not in your Trusted Root Certification Authorities store, you will be warned that the certificate does not come from a trusted source and you will be forced to take an action. You may choose not to trust the certificate, you may choose to trust only that one certificate, or you may choose to trust the CA that issued the certificate.
PKI in Action – SSL
The most common example of a functional PKI in action is the SSL protocol. When you access a web site with the prefix https you are accessing the site via SSL. There are two things that happen for this to be successful. First you must exchange a secret session key with the web server, and second you must verify the web server’s identity. The first step is beyond the scope of this article, but will be covered in another. The second step involves the client web browser requesting a copy of the server’s certificate.
Once a copy of the server's certificate has been retrieved, your web browser validates that the certificate has not expired and that the signature is valid. Finally, it ensures the certificate was issued by a CA you have chosen to trust. Once this is accomplished, the session key is transmitted to the server, encrypted with the server's public key, and your secure session can begin.
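The checks described above (validity period, signature, and a trusted issuing CA) can be reproduced with the .NET X509Chain class from PowerShell. This is an added example, not code from the original article; it assumes PowerShell 5.1 on .NET Framework 4.7.2 or later (or PowerShell 7), and the function names and subject names are constructed for illustration. Both sample certificates are self-signed and exist only in memory, so neither chains to an entry in the Trusted Root Certification Authorities store.

```powershell
# Added example: constructed, in-memory certificates. Nothing is written to a certificate store.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: builds a self-signed certificate with the given validity window.
function New-TestCertificate {
    param([string]$Subject, [DateTimeOffset]$NotBefore, [DateTimeOffset]$NotAfter)
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new($Subject, $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    return $req.CreateSelfSigned($NotBefore, $NotAfter)
}

# Hypothetical helper: runs the same three checks the article attributes to the browser.
# X509Chain.Build verifies each signature in the chain, the validity dates, and
# whether the chain ends at a root the machine trusts.
function Test-ServerCertificate {
    param([X509Certificate2]$Certificate)
    $chain = [X509Chain]::new()
    # Revocation lookups need network access; skipped so the example runs offline.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Certificate)
    [pscustomobject]@{
        Subject  = $Certificate.Subject
        NotAfter = $Certificate.NotAfter
        Trusted  = $trusted
        # Each failed check appears as an X509ChainStatusFlags value, for example
        # NotTimeValid (expired), NotSignatureValid, or UntrustedRoot.
        Problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$now     = [DateTimeOffset]::UtcNow
# Constructed sample 1: inside its validity window, but issued by an unknown "CA" (itself).
$current = New-TestCertificate 'CN=www.example.test' $now.AddDays(-1) $now.AddDays(30)
# Constructed sample 2: same untrusted issuer, and already expired.
$expired = New-TestCertificate 'CN=old.example.test' $now.AddDays(-60) $now.AddDays(-1)

$current, $expired | ForEach-Object { Test-ServerCertificate $_ } | Format-List
```

The Trusted value is the decision the browser prompt in the previous section asks the user to override; the Problems column lists which of the checks failed.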
Summary
This was a crash course in how public certificate systems work, but it is by no means complete. There are many issues that surround the planning, implementation and maintenance of PKI systems. My next article in this series will cover the Windows Server 2003 Certificate Services product.
Written by Corey Hynes
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.


