Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District

Post on 27-Dec-2015

What Are We Here For?

What’s a Digital Certificate?

A (digital) form of identification
  – Driver's license
  – Passport

Provides “information” about identity
  – Contains the public key of the entity identified in the certificate
  – The public key is matched to an identity and guaranteed by the issuer (Certificate Authority)

Certificate Uses

Personal
  – Used to identify/validate individuals

Server
  – Used to verify its identity to users
  – Basis for encryption

Software Publisher
  – Used to sign/verify software

Authority
  – Used to verify “signed” certificates

Certificate “Flavors”

Public
  – Public signed certificate leveraging the PKI (Public Key Infrastructure)

Private
  – Self-generated/signed

Wild Card
  – Used to represent a domain rather than a site

Secure
  – 40 to 256 bit encryption

Secure Pro
  – 128 to 256 bit encryption

Extended Validation (EV)
  – Triggers the green address bar

Makeup of a Certificate

Version number: X.509 standard

Serial number
  – Uniquely identifies the certificate

Certificate algorithm identifier
  – Key algorithm used to sign the certificate

Issuer

Validity period
  – The start (Valid from) and expiration date (Valid to)

Subject
  – Name of the owner

Makeup of a Certificate

Subject public key information
  – The owner's public key and its algorithms

Issuer unique identifier

Subject unique identifier
  – Unique identifier of the certificate owner

Extensions
  – Additional information related to the use and handling

Certification authority's digital signature
  – Digital signature made with the certification authority's private key

Certificate Verification

Diagram labels:
  – Certification Authority’s Name
  – Your Identification Information
  – Your Public Key Value
  – Certification Authority’s Digital Signature
  – Certificate Authority’s Public Key
  – Message Digest

Where to Get Certificates

www.verisign.com

www.godaddy.com

www.thwart.com

Generate your own

How to Get Certificates

Generate a request from the server

Send the request to the certificate authority (CA)

The certificate authority (CA) verifies your identity

The certificate authority (CA) signs the certificate and returns it

You install the certificate on your server

Common Errors

Outside valid dates

Site name does not match
  – Custom URL
  – Redirect

Cannot be validated against the CA
  – Common with self-signed certificates

Key does not match
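
The checks behind the Certificate Verification diagram and the Common Errors list, as an added example that is not part of the original slides: a simplified Python model in which a dict stands in for an X.509 certificate and the CA signs with textbook RSA (no padding). The CA name, host names, key labels and dates are constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone

# Constructed toy CA key: textbook RSA over two Mersenne primes, no padding.
# Illustration only; real certificates use vetted RSA/ECDSA implementations.
P, Q, E = 2**127 - 1, 2**61 - 1, 65537
CA_N, CA_D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
TRUSTED_CAS = {"Example Test CA": (CA_N, E)}  # trust store: CA name -> public key

def digest(cert):
    """Message digest over every certificate field except the signature."""
    body = "|".join(f"{k}={cert[k]}" for k in sorted(cert) if k != "signature")
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % CA_N

def ca_sign(cert):
    """CA side: sign the digest with the CA's private key."""
    return dict(cert, signature=pow(digest(cert), CA_D, CA_N))

def name_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.partition(".")[2] == pattern[2:]
    return pattern == host

def verify(cert, host, server_key, now):
    """Client side: return the errors found (an empty list means accepted)."""
    errors = []
    if not cert["valid_from"] <= now <= cert["valid_to"]:
        errors.append("outside valid dates")
    if not name_matches(cert["subject"], host):
        errors.append("site name does not match")
    ca = TRUSTED_CAS.get(cert["issuer"])  # self-signed issuers are not in here
    if ca is None or pow(cert["signature"], ca[1], ca[0]) != digest(cert):
        errors.append("cannot be validated against the CA")
    if cert["public_key"] != server_key:  # server holds a different key pair
        errors.append("key does not match")
    return errors

UTC = timezone.utc
NOW = datetime(2015, 12, 27, tzinfo=UTC)  # constructed "current" time
GOOD = ca_sign({"serial": 1, "issuer": "Example Test CA",
                "subject": "*.example.test", "public_key": "constructed-key-A",
                "valid_from": datetime(2015, 1, 1, tzinfo=UTC),
                "valid_to": datetime(2016, 1, 1, tzinfo=UTC)})

if __name__ == "__main__":
    print(verify(GOOD, "www.example.test", "constructed-key-A", NOW))
    print(verify(GOOD, "example.test", "constructed-key-B", NOW))
```

Changing any signed field after issuance changes the digest, so the signature check fails even though the issuer is trusted.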

SSL/TLS

Secure Sockets Layer – SSL

Transport Layer Security – TLS

Really, what we are talking about is encryption that provides cryptographic security over network infrastructure like the Internet

Encrypts the end-to-end segments of the connections at the Transport Layer (UDP/TCP)

Commonly used to secure application protocols like HTTP, SMTP, etc.

SSL/TLS

Application: Telnet, FTP, SMTP, HTTP
Transport: TCP, UDP
Network: IP, ICMP, IGMP
Link: Network interface and device driver

TLS/SSL encapsulation

Questions?