Wednesday, February 29, 2012

What is the significance of having a Certificate Authority server?

What is the purpose of having a Certificate Authority server? I am trying to understand its main function. I have one set up as an enterprise CA, and it works just fine. My clients are able to request/install it from their workstation, but I do not really know the true meaning behind it. I was just told to install and configure it by my senior lead administrator. Can someone please explain it in layman's terms? Also, how do you verify that it is installed from a user's workstation?

It lets you sign your own certificates. You can have certs for servers (webservers, mail servers etc.), software (Java applets), documents (PDF) or people (email addresses).



If you want to do webservers, nowadays it may be easier to get a commercial wildcard certificate, or a chaining certificate, as then the CA record will be preinstalled in browsers.

But if you need to sign documents or email, then you need to certify people, and you can't do that easily with a commercial CA in another country. So you might have your own CA, and issue certs to people with employee ID who look like their photo ID.



If you have a CA cert installed in a browser on a workstation, then if the user goes to a secure site signed with that cert they won't see a challenge. Otherwise they will see the Firefox "get me out of here" popup.
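
One way to check this from a Windows workstation, as an added example that is not part of the original post: a PowerShell function that looks for the CA certificate in the Trusted Root stores and, optionally, confirms that a certificate issued by that CA chains to a trusted root. The function name, the CA name and the file path are hypothetical placeholders.

```powershell
# Added example. 'Contoso Enterprise CA' and .\server.cer are constructed placeholders.
function Test-CaTrust {
    param(
        [Parameter(Mandatory)] [string] $CaName,  # common name (CN) of your CA
        [string] $IssuedCertPath                  # optional: a .cer file issued by that CA
    )

    # 1. Is the CA certificate in a Trusted Root store (machine-wide or per-user)?
    $caCerts = foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*CN=$CaName*" } |
            Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter
    }

    # 2. Does a certificate issued by the CA build a chain to a trusted root?
    $chainOk = $null; $rootSubject = $null; $status = @()
    if ($IssuedCertPath) {
        $path  = (Resolve-Path $IssuedCertPath).ProviderPath
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Trust path only: revocation is deliberately not checked in this example.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk     = $chain.Build($cert)
        # The last chain element is the root when the chain is complete.
        $rootSubject = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
        # Empty when the chain is valid; otherwise e.g. UntrustedRoot or PartialChain.
        $status      = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }

    [pscustomobject]@{
        CaInRootStore  = [bool]$caCerts
        CaCertificates = $caCerts
        ChainValid     = $chainOk
        ChainRoot      = $rootSubject
        ChainStatus    = $status
    }
}

# Usage:
# Test-CaTrust -CaName 'Contoso Enterprise CA' -IssuedCertPath .\server.cer
```

This inspects the Windows certificate store only; a browser that keeps its own trust store has to be checked in that browser's certificate settings.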
