Digital Certificates Made Easy
Sam Lutgring, Director of Informational Technology Services
Calhoun Intermediate School District
WHAT ARE WE HERE for?
WHAT’S A Digital Certificate?
A (digital) form of identification
– Driver's license
– Passport
Provides “information” about identity
– Contains the public key of the entity identified in the certificate
– The public key is matched to an identity and guaranteed by the issuer (the Certificate Authority)
Certificate Uses
Personal
– Used to identify/validate individuals
Server
– Used to verify its identity to users
– Basis for encryption
Software Publisher
– Used to sign/verify software
Authority
– Used to verify “signed” certificates
Certificate “Flavors”
Public
– Publicly signed certificate leveraging the PKI (Public Key Infrastructure)
Private
– Self-generated/self-signed
Wild Card
– Represents a whole domain rather than a single site
Secure
– 40- to 256-bit encryption
Secure Pro
– 128- to 256-bit encryption
Extended Validation (EV)
– Triggers the green address bar
Makeup of a Certificate
Version number
– Version of the X.509 standard
Serial number
– Uniquely identifies the certificate
Certificate algorithm identifier
– Identifies the algorithm used to sign the certificate
Issuer
Validity period
– The start (Valid from) and expiration (Valid to) dates
Subject
– Name of the owner
Subject public key information
– The owner's public key and its algorithms
Issuer unique identifier
Subject unique identifier
– Unique identifier of the certificate owner
Extensions
– Additional information related to the use and handling of the certificate
Certification authority's digital signature
– Digital signature made with the certification authority's private key
Certificate Verification
[Diagram: the certificate carries the Certification Authority's Name, Your Identification Information, Your Public Key Value and the Certification Authority's Digital Signature; the verifier recomputes the Message Digest of the certificate contents and checks the signature against it with the Certificate Authority's Public Key]
WHERE to GET CERTIFICATES
www.verisign.com
www.godaddy.com
www.thwart.com
Generate your own
How to Get Certificates
Generate a request from the server
Send the request to the certificate authority (CA)
The certificate authority (CA) verifies your identity
The certificate authority (CA) signs the certificate and returns it
You install the certificate on your server
COMMON ERRORS
Outside valid dates
Site name does not match
– Custom URL
– Redirect
Cannot be validated against the CA
– Common with self-signed certificates
Key does not match
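The verification diagram, the five steps under How to Get Certificates and the Common Errors list can all be walked through with Go's standard library. The program below is an added example written for this page, not code from the presentation: it generates its own keys and a hypothetical CA name ("Example District CA"), builds a request for the constructed host name www.example.org, has the CA check and sign it, then verifies the result the way a browser would and reproduces three of the slide's errors (outside valid dates, site name mismatch, and a certificate whose issuer the client does not trust, which is how a self-signed certificate looks to a browser). Function names such as makeCSR, caSign and verify are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) { if err != nil { panic(err) } }

// newKey makes a fresh P-256 key pair; every key in this example is generated on the spot.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// issue signs the template with the signer's private key and parses the result back.
func issue(t, parent *x509.Certificate, pub interface{}, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

// makeCA builds a self-signed authority certificate: issuer and subject are the same entity.
func makeCA(key *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example District CA"}, // hypothetical name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(240 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return issue(t, t, &key.PublicKey, key)
}

// Step 1: the server generates a request carrying its name and public key, signed with its private key.
func makeCSR(serverKey *ecdsa.PrivateKey, host string) *x509.CertificateRequest {
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}
	der, err := x509.CreateCertificateRequest(rand.Reader, req, serverKey)
	check(err)
	csr, err := x509.ParseCertificateRequest(der)
	check(err)
	return csr
}

// Steps 2-4: the CA checks the request's signature (proof the requester holds the private key),
// then issues a 24-hour certificate over the requested name and public key, signed with its own key.
func caSign(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csr *x509.CertificateRequest) *x509.Certificate {
	check(csr.CheckSignature())
	t := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      csr.Subject,
		DNSNames:     csr.DNSNames,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return issue(t, ca, csr.PublicKey, caKey)
}

// verify does what a browser does at time at: walks the chain to the trusted CA, checks the validity
// dates and the host name, and maps the failure to the error classes from the slide.
func verify(cert, trusted *x509.Certificate, host string, at time.Time) string {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: at})
	switch e := err.(type) {
	case nil:
		return "ok"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired {
			return "outside valid dates"
		}
	case x509.HostnameError:
		return "site name does not match"
	case x509.UnknownAuthorityError: // signed by a CA the client does not trust (e.g. self-signed)
		return "cannot be validated against the CA"
	}
	return err.Error()
}

func main() {
	caKey, serverKey := newKey(), newKey()
	ca, other := makeCA(caKey), makeCA(newKey()) // other: an authority the client trusts instead
	cert := caSign(ca, caKey, makeCSR(serverKey, "www.example.org")) // constructed host name
	now := time.Now()
	fmt.Println(verify(cert, ca, "www.example.org", now), "|", verify(cert, ca, "www.example.org", now.Add(72*time.Hour)))
	fmt.Println(verify(cert, ca, "mail.example.org", now), "|", verify(cert, other, "www.example.org", now))
}
```

Run it with `go run`. With a public CA, steps 2 to 4 happen on the CA's side and the request travels as a PEM "CERTIFICATE REQUEST" block; here the whole exchange lives in one process so the checks can be seen in order: the CA validates the request's own signature before signing, and the client checks dates, chain and name, in that order, which is why an expired certificate reports the date error even when the name is also wrong.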
SSL/TLS
Secure Socket Layer – SSL
Transport Layer Security – TLS
Really, what we are talking about is encryption that provides cryptographic security over network infrastructure such as the Internet
Encrypts the connection end to end at the Transport Layer (TCP/UDP)
Commonly used to secure application protocols such as HTTP, SMTP, etc.
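To make the layering concrete, here is an added example, not from the presentation: a Go program that installs a self-signed ("Private" flavor) certificate on a loopback TLS listener, connects with a client that trusts that certificate, and exchanges one line of a trivial echo protocol over the encrypted channel, reporting the negotiated TLS version. Names such as selfSigned, run and the "localhost" certificate are this example's own. It also shows two failures from the Common Errors slide: a client that trusts nothing aborts the handshake before any application data flows, and a certificate paired with the wrong private key is rejected at install time.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

func check(err error) { if err != nil { panic(err) } }

// selfSigned makes a throw-away self-signed certificate for "localhost" (the "Private" flavor from the
// slides) and returns certificate and private key as PEM, the form a server normally installs.
func selfSigned() (certPEM, keyPEM []byte) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "localhost"},
		DNSNames:              []string{"localhost"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true, // it vouches for itself, so it must be allowed to act as an authority
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	check(err)
	keyDER, err := x509.MarshalECPrivateKey(key)
	check(err)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
}

// serve accepts one connection and echoes its first line: the application protocol riding on TLS.
// The TLS handshake happens implicitly on the first Read; a failed handshake simply ends the call.
func serve(ln net.Listener) {
	conn, err := ln.Accept()
	if err != nil {
		return
	}
	defer conn.Close()
	if line, err := bufio.NewReader(conn).ReadString('\n'); err == nil {
		fmt.Fprint(conn, "echo: "+line)
	}
}

// dial connects as a client that trusts only roots, sends msg and returns the reply and the negotiated
// TLS version. A client that trusts no CA fails inside the handshake, before any application data moves.
func dial(addr string, roots *x509.CertPool, msg string) (string, uint16, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: "localhost"})
	if err != nil {
		return "", 0, err
	}
	defer conn.Close()
	fmt.Fprintln(conn, msg)
	reply, err := bufio.NewReader(conn).ReadString('\n')
	return strings.TrimSpace(reply), conn.ConnectionState().Version, err
}

// run "installs" the PEM pair on a loopback TLS listener and performs one exchange with a client that
// either trusts the certificate or trusts nothing at all.
func run(certPEM, keyPEM []byte, trust bool, msg string) (string, uint16, error) {
	cert, err := tls.X509KeyPair(certPEM, keyPEM) // rejects a key that does not match the certificate
	if err != nil {
		return "", 0, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return "", 0, err
	}
	defer ln.Close()
	go serve(ln)
	roots := x509.NewCertPool()
	if trust {
		roots.AppendCertsFromPEM(certPEM)
	}
	return dial(ln.Addr().String(), roots, msg)
}

func main() {
	certPEM, keyPEM := selfSigned()
	reply, ver, err := run(certPEM, keyPEM, true, "hello over TLS")
	fmt.Printf("trusted:   %q version=%#x err=%v\n", reply, ver, err) // version 0x304 is TLS 1.3
	_, _, err = run(certPEM, keyPEM, false, "hello")
	fmt.Println("untrusted:", err)
	_, wrongKey := selfSigned() // a key belonging to a different certificate
	_, _, err = run(certPEM, wrongKey, true, "hello")
	fmt.Println("wrong key:", err)
}
```

The echo server never sees ciphertext: tls.Listen hands it a connection that already decrypts on Read and encrypts on Write, which is exactly the encapsulation the slide's stack diagram shows, with TCP underneath carrying only encrypted records. The client side is where the certificate checks from the earlier slides run; ServerName is what the host-name check compares against.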
SSL/TLS
[Diagram: TLS/SSL encapsulation in the protocol stack]
Application   Telnet, FTP, SMTP, HTTP
TLS/SSL       encapsulation between the application and transport layers
Transport     TCP, UDP
Network       IP, ICMP, IGMP
Link          Network interface and device driver
Questions?