LIS 525 - Certificates
Certificate Authorities
Certificate authorities issue digital certificates
after validating the holder's identity and authority.
Each certificate contains an individual's or organization's
public key
and other identifying information
and is signed cryptographically with the certificate authority's private key.
The recipient uses the certificate authority's public
key
to verify that signature on the certificate
attached to the message;
if it checks out, the public key in the certificate really belongs to the named sender.
The sender's public key is then used to verify the signature on the actual
message
(which could only have been produced
with the sender's private key).
Note that neither step decrypts anything: a signature is verified, not decrypted,
and the message itself travels in the clear unless it is separately encrypted.
For pointers to some certificate authorities, see
Advantages of Digital Certificates
Installing a digital certificate on your server lets you
- communicate your site's authenticity to browsers
(they can check that a certificate authority they trust vouches for your site's name and public key), and
- keep private communications private,
by encrypting the traffic between the browser and your server.
If visitors to your site use personal (client) certificates,
- log-in without a password is facilitated,
since the browser proves possession of the certificate's private key, and
- later repudiation of transactions is made much harder,
since each transaction can be signed with the visitor's private key.
Disadvantages
- Cost.
(For example,
Verisign charges US$995 for a one-year 128-bit package.
But it probably pays to shop around.
For example,
GoDaddy
offers a simple form of certificate
at US$19.99 per year.
If you are willing to share a certificate with the hosting service,
it may cost nothing extra;
note, though, that a shared certificate carries the hosting service's name, not yours,
so your secure pages must be reached under the host's domain to avoid browser warnings.)
How Server Certificates Work
If you have a digital certificate on the server side,
the following series of events occurs
when a browser accesses a secure page on your site
(using the https protocol
instead of plain http):
- the server sends the browser the site's digital certificate
- the browser checks the certificate:
that a certificate authority it trusts signed it,
that it has not expired,
and that the name in it matches the site the browser asked for;
if any check fails, the browser warns the user or aborts
- the browser generates a unique session key
to encrypt all communications with the site
- the browser encrypts the session key with the site's public
key, taken from the certificate
- the browser sends the encrypted session key to the server
- the server decrypts the session key with its private key,
which only it holds,
thus establishing encrypted communication.
The checking step is what makes the rest worthwhile:
without it, the browser would encrypt the session key to whoever happened to send it a certificate.
(This is the RSA key-exchange handshake SSL used at the time of writing;
newer versions of TLS instead agree the session key through an ephemeral Diffie-Hellman exchange
that the server signs with its certificate's private key,
so the certificate check plays the same role.)
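The two mechanisms this page describes, the certificate authority's signature on a certificate (with the holder's signature on a message, as in the Certificate Authorities section) and the session-key handshake in the list above, worked through in Go as an added example; this is not code from the original page. It uses only Go's standard library to build a toy hierarchy: a made-up "Example Root CA" issues a certificate for the made-up host www.example.com, the client verifies that certificate against the CA before trusting the public key in it, the server signs a constructed sample message that the client verifies with that key, and the client then wraps a fresh session key to the server's public key for the server to unwrap. RSA-PSS for signatures and RSA-OAEP for the key wrap are choices made here; the page does not specify them.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue has signerKey sign template as a certificate issued by parent; passing
// the template as its own parent produces a self-signed (root CA) certificate.
func issue(template, parent *x509.Certificate, pub *rsa.PublicKey, signerKey *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SetupPKI builds a toy hierarchy: the root CA signs its own certificate, then signs one
// binding the server's public key to its host name. Both names are made up for this example.
func SetupPKI() (caCert, serverCert *x509.Certificate, serverKey *rsa.PrivateKey, err error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	if serverKey, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if caCert, err = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, nil, err
	}
	serverCert, err = issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "www.example.com"},
		DNSNames: []string{"www.example.com"}, // the name the browser checks against
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, caCert, &serverKey.PublicKey, caKey)
	return caCert, serverCert, serverKey, err
}

// VerifyServerCert is the recipient's CA step: a CA it trusts must have signed the
// certificate, the certificate must be in its validity period, and it must name host.
func VerifyServerCert(caCert, serverCert *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := serverCert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
// SignMessage signs msg with the private key that matches the certificate (RSA-PSS).
func SignMessage(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], nil)
}
// VerifyMessage checks the signature with the public key from the (already verified)
// certificate. Nothing is decrypted: only the matching private key could have produced it.
func VerifyMessage(cert *x509.Certificate, msg, sig []byte) error {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, digest[:], sig, nil)
}

// ClientKeyExchange is the browser's half of the handshake: a fresh random session key,
// encrypted (RSA-OAEP) to the public key carried in the server's certificate.
func ClientKeyExchange(serverCert *x509.Certificate) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverCert.PublicKey.(*rsa.PublicKey), sessionKey, nil)
	return sessionKey, wrapped, err
}
// ServerUnwrap is the server's half: only the private key recovers the session key.
func ServerUnwrap(serverKey *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, wrapped, nil)
}

func main() {
	caCert, serverCert, serverKey, err := SetupPKI()
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted for www.example.com:", VerifyServerCert(caCert, serverCert, "www.example.com") == nil,
		"accepted for other.example:", VerifyServerCert(caCert, serverCert, "other.example") == nil)
	msg := []byte("constructed sample message") // made-up content
	sig, _ := SignMessage(serverKey, msg)
	k1, wrapped, _ := ClientKeyExchange(serverCert)
	k2, _ := ServerUnwrap(serverKey, wrapped)
	fmt.Println("signature verifies:", VerifyMessage(serverCert, msg, sig) == nil, "same session key:", string(k1) == string(k2))
}
```

Run it with `go run`. The second verification call, for a host the certificate does not name, fails even though the CA's signature is perfectly good: that hostname check, together with the chain and validity checks, is what a browser performs before it will encrypt anything to the key in a certificate, and it is the step the list above depends on.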
Last updated October 19, 2007.
This page maintained by
Prof. Tim Craven
E-mail (text/plain only): craven@uwo.ca
Faculty of Information and Media Studies
University of Western Ontario,
London, Ontario
Canada, N6A 5B7