Digital Certificates

I had never given much thought to why the address bar in IE turns green for certain websites, or what that tiny lock at the end of the URL in the address bar is and why it is used. So I got reading and discovered digital certificates.

So many people around the world use so many websites on a regular basis. I think every time a person breathes there is someone somewhere opening a new website page in a browser. As a website user it is imperative to know that the site we are requesting is authentic and verified as an original, genuine site. More so when the task at hand is serious, for example movie ticket booking - involving movies and money - the two most important things in the world :)

So I guess there should be some indication which I can observe and believe that the website I am using is indeed genuine. Do you know how you can check it? By clicking on that same tiny little lock symbol in the address bar when you open any URL. This is how it will look when you click on the lock.

When you click on the tiny lock, the pop-up will tell you whether the website is verified or not and who has verified it, and you can click to view the certificate. In this case, Twitter is verified by VeriSign, which means VeriSign is telling me that this website, twitter, is a proper website identified as belonging to Twitter, Inc. If I chose to view the certificate, this is how the certificate would look:

These certificates are used to verify that the website is legitimate, to set up encryption, and as a form of authentication. They must come from certification authorities, the organizations responsible for issuing and revoking certificates. A certificate will contain at least these things:

- Owner's public key
- Owner's name or alias
- Expiration date of the certificate
- Serial number of the certificate
- Name of the organization that issued the certificate
- Digital signature of the organization that issued the certificate

The issuer's signature is what ties the other fields together: it is the CA vouching that this public key belongs to this owner, and a browser checks that signature against a CA it already trusts before showing the lock. Let me mention the purposes of a certificate. A certificate does the following things:

- Verifies the identity of clients and servers on the Web
- Encrypts channels to provide secure communication between clients and servers
- Encrypts messages for secure Internet e-mail communication
- Verifies the sender's identity for Internet e-mail messages
- Puts your digital signature on executable code that users can download from the Web
- Verifies the source and integrity of signed executable code that users can download from the Web

Now you must wonder who these people are who have the power to issue the certificates. Certificates are issued, renewed and managed by Certification Authorities (CAs). A CA does a lot of things, such as:

- Issue, renew, and revoke certificates
- Authenticate the identities of individuals and organizations
- Verify the registrations of individuals and organizations
- Publish and maintain a Certificate Revocation List (CRL) of all certificates that the CA has revoked
- Handle legal and liability issues related to security

The CRL matters because a certificate can become untrustworthy before its expiration date (for example, if the owner's private key is lost or stolen); a browser that checks the CRL will refuse a revoked certificate even though it is otherwise valid and correctly signed.
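To make the certificate fields and the CA's role concrete, here is an added example (my own code, not part of the original post, using only Go's standard library). It builds a constructed root CA, has it issue a server certificate, reads out the fields listed above, performs the browser-side chain and hostname check, and then publishes a CRL and looks the serial up in it. All names ("Example Root CA (constructed)", "www.example.test") are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertSummary collects the fields the post lists as the minimum content of a certificate:
// owner, issuer, serial number, expiry, the owner's public key and the issuer's signature
// (the last two reported by algorithm).
type CertSummary struct {
	Owner, Issuer, Serial, PublicKeyAlg, SignatureAlg string
	Expires                                          time.Time
}

// Summarize reads those fields from a parsed X.509 certificate.
func Summarize(c *x509.Certificate) CertSummary {
	return CertSummary{
		Owner: c.Subject.CommonName, Issuer: c.Issuer.CommonName,
		Serial: c.SerialNumber.Text(16), Expires: c.NotAfter,
		PublicKeyAlg: c.PublicKeyAlgorithm.String(), SignatureAlg: c.SignatureAlgorithm.String(),
	}
}

// newTemplate builds a certificate skeleton; the organization name is constructed.
func newTemplate(cn string, isCA bool) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn, Organization: []string{"Example Org (constructed)"}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	if isCA { // a CA certificate may sign other certificates and CRLs
		t.IsCA = true
		t.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else { // a server certificate names the host it is valid for
		t.DNSNames = []string{cn}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t, nil
}

// NewCA creates a self-signed root: the kind of certificate a browser holds in its trust store.
func NewCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl, err := newTemplate("Example Root CA (constructed)", true)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueLeaf has the CA sign a server certificate for host; the CA's signature is what
// binds the server's public key to its name.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl, err := newTemplate(host, false)
	if err != nil {
		return nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyChain is the browser-side check: the leaf must chain to a trusted root, be inside
// its validity period, and carry the name of the host that was actually visited.
func VerifyChain(leaf, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// BuildCRL has the CA publish a signed Certificate Revocation List for the given serials.
func BuildCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serials ...*big.Int) ([]byte, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, s := range serials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
}

// IsRevoked verifies the CRL's signature against the CA before trusting its contents,
// then looks the serial up in it.
func IsRevoked(crlDER []byte, ca *x509.Certificate, serial *big.Int) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	ca, caKey, err := NewCA()
	if err != nil {
		panic(err)
	}
	leaf, err := IssueLeaf(ca, caKey, "www.example.test")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", Summarize(leaf))
	fmt.Println("chain for www.example.test:", VerifyChain(leaf, ca, "www.example.test"))
	fmt.Println("chain for other.example.test:", VerifyChain(leaf, ca, "other.example.test"))
	crl, _ := BuildCRL(ca, caKey, leaf.SerialNumber)
	fmt.Println(IsRevoked(crl, ca, leaf.SerialNumber))
}
```

Two details carry the security point. First, `VerifyChain` fails for a certificate that is perfectly valid but issued for a different host, which is exactly the case the lock icon is meant to catch. Second, `IsRevoked` checks the CRL's own signature before reading it; a revocation list that anyone could forge would let an attacker un-revoke a compromised certificate.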

The exchange of certificates between clients and servers is performed using a secure transmission protocol such as SSL or TLS: during the handshake the server presents its certificate, and the client checks it against the CAs it trusts before any application data is sent.

One more thing I want to share with you is the Extended Validation (EV) certificate. It is the latest, and we can say a significant, advancement in SSL technology. It follows standardized extended validation guidelines, under which the CA performs a stricter check of the organization's identity before issuing. Extended Validation SSL is the right choice for websites that want the highest level of authenticity. Check this out:

Let me summarize your takeaways -

1. All websites must acquire digital certificates.

2. A CA issues and revokes digital certificates.

3. There are different types of certificates available; you can go to a CA's website and decide which certificate you want.

4. You get the certificate in .pfx format.

5. You just have to install it on your server.

Hope this was helpful. If you want to share your feedback or if you have any question, please tweet them to me at @SameekshaKhare and I will answer them as much as I can.