I get a lot of questions on understanding certificates in general, this post is intended to answer those general questions and is not specific to any product. Although I plan on using Windows Home Server and Windows Small Business Server 2008 as examples here. I do have a previous post on understanding the self-issued certificate in SBS 2003 and SBS 2008, as this post will focus on understanding trusted certificates, and what makes them trusted.
Certificates provide two purposes:
- Authenticating the server to the client
- Providing encryption between the server and the client
I will cover the authenticating the server to the client in this part 1 post, and will write a part 2 post that handles the second part of encryption.
Part 1 – Authenticating the Server to the Client
Think of a certificate like a drivers license; a United States drivers license as that’s what I’m most familiar with. The drivers license has three key components that makes it what it is.
- A name that identifies what you are called, in my case, “Sean Daniel”
- An expiry date, that identifies when the license is valid from. This ensures data doesn’t get stale, like your picture, or hair colour, or if you need glasses or not to drive
- An issuing authority, such as Washington State
This is the same as a computer SSL certificate. It has a valid URL, an expiry date, and an issuing authority. When the client gets to the intended URL such as https://remote.contoso.com, it asks the server for proof that it is remote.contoso.com, and the server presents it’s certificate. The client validates the 3 checks. Does the URL in the certificate match (ie. are you “Sean Daniel”). Is this certificate valid (is the expiry date past today’s current date and time). Those are the two easy to understand checks. The final check is “do I trust the issuing authority”. In the case of a drivers license, you’d bend it, look at it under a black light to make sure it’s authentic, and then you’d see Washington state issued it and be. Sure, I trust the state government.
With certificates, it’s slightly different. The computer follows the certificate chain outlined in the certificate path (IE view):
In the above example for Home Server, the client will check if it trusts foo.homeserver.com. It looks into it’s trusted certificate store for a matching certificate, none would exist of course, so it would then look for the “GoDaddy Secure Certification Authority” in the same store. Because the “GoDaddy Secure Certification Authority” trusts foo.homeserver.com, the client can base it’s trust on that. Again, it won’t find that certificate, so it bounces up to the root certificate and looks for “Go Daddy Class 2 Certification Authority” in the trusted root store:
As you can see from a view on my Windows 7 box, Windows 7 by default trusts this certificate, so since I trust that certificate, and that certificate trusts the “Go Daddy Secure Certification Authority”, then my Windows 7 machine also trusts this authority, and since the “Go Daddy Secure Certification Authority” trusts foo.homeserver.com, then My Windows 7 client also trusts foo.homeserver.com, and a trusted certificate connection is established.
In the non-computer world, think of it this way. When I try to get on a plane, and I present my drivers license (domestic flights only!), they trust WA state and allow me on the plane. If I were to present my Microsoft Identification, they would probably look at me sideways and ask for another ID, because the airlines don’t trust the Microsoft employee issuing authority. However, if I go to my companies Christmas party I can present EITHER my drivers license, or my Microsoft ID, and they trust both, since they trust WA state, and the Microsoft employee issuing authority.
In Windows SBS 2003/2008 and the use of self issued certificates. You install the leaf cert (sbs 2003) or the root cert (sbs 2008) into your client trusted root store, and now your client will trust that issuing authority as mentioned above. This is outlined in my old post.
On Mobile devices, such as Windows Mobile, you need to ensure the certificate is in that root store as well, which is why some certs work and some don’t on older Windows Mobile devices. Additionally it’s important to call out that browsers on clients behave differently too. For example, Firefox has it’s own certificate store and doesn’t use the one in Windows. The certificates in Windows and also on later mobile devices are updated and maintained through the secure connection of Windows Update.
Hopefully this clears up the server to client authentication. Of course we know the client authenticates to the server by providing your username and password to prove you are indeed the user the server should give access to.
Last important thing to remember, is NEVER install a certificate over an unsecure or un-trusted internet connection, you should always use a SECURE method of installing certificates. That means you download a cert over an already trusted and secure connection, or you bring it home in your pocket on a USB key. You never know if there is going to be a malicious server giving you a bad certificate for the wrong server on the Internet. Then you will just be giving your username and password to the wrong server on the Internet, and that would be disaster.
Update: Continue on to Part 2, now posted.
45 comments:
great post - thanks Sean! eagerly anticipating part2 re: encryption between server <---> client... ;)
Hi Ryan,
Thanks for the poke to get this finished, you can find this post live now.
It's interesting that after reading https://justdomyhomework.com/blog/homework-does-not-have-to-be-hard I realized that homework does not have to be heard. Now I definitely want my teachers to read this.
StudentsAssignmentHelp.com works continue to give the best Case Study Assignment Writing for all the students studying in different colleges or universities of Australia. Our team of Aussie writers will help you to done your work easily.
HPE0-S55 Practice Test HPE0-S55 marks4sure exam dumps help you to clear HPE0-S55 test. If you want get professional and HP real practice, recommend you to use our HPE0-S55 marks4sure
CertificationGenie provides an effective and cost-efficient method to become a certified professional in the field of IT. We offer solutions for many certification programs like Microsoft Exams, Vmware Certification Exam Questions, IBM Tests, Oracle Dumps, Cisco Certification Braindumps and more. All the solutions meet the requirements for every certification and help you to become a certified professional.
Your article is always informative. To get solution to assignment related query seek help from online members of our company.
Great post! I am actually getting ready to across this information, is very helpful my friend. Also great blog here with all of the valuable information you have. Keep up the good work you are doing here.
A high-standard post with all imperative information about Assignment Help UK services. Looking forward to avail the premium services.
Amazing Information. I really Like it. asphalt 9 legends mod apk for android plants vs zombies 2 mod apk free download mortal kombat x modes
Great post! I am actually getting ready to across this information, is very helpful my friend. Also great blog here with all of the valuable information you have. Keep up the good work you are doing here.
I would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well. Get Online Assignment
I find your blog really a good piece of content. I would love to share with other as it has really a useful information.
acer support
apple support
samsung support number
samsung printer support
epson support
aolmail.com
aol mail
mcafee.com/activate
norton.com/setup
Thank you for posting such a great blog! I found your website perfect for my needs. It contains wonderful and helpful posts. Keep up the good work. Thank you for this wonderful Blog!
Visit: Homework Help
Java Assignment Help
Thanks for sharing this blog. A great information you shared through this blog. Keep it up and best of luck for your future blogs and posts. I have an important information regarding Web app development company
Being an academic writer from past 5 years providing assignment help writing services to college and university students also associated with Myassignmenthelp platform. I am dedicated in providing best online academic writing services to the college students at the affordable rates. Fast Assignment Help - My Assignment Help
Avail the best essay writing solution in Australia. At EssayAssignmentHelp.com.au, you can get online essay help from top university experts.
Your blogs are amazing and I am glad to read them. Thanks for sharing the tips and samples of our assignments. They are useful in knowing the key points that can increase the value of an assignment. And a special thanks to the My Assignment Help Australia for helping the students 24/7. You can email us at Info@Myassignmenthelpau.Com or Phone Number: +61-2-8005-8227
Digital Marketing is not just present, its future! As we see around us everything is getting related to the virtual world with each counting day, so it is important for us to keep up with the flow and adopt this change smartly in everything we do, we sell. We are teaching here at Koderey Techstack - Digital Marketing Course in Delhi to grow your Digital Marketing skills and see some wonderful growth in your current business. Thanks
Types of marketing
Scope of digital marketing
What is SEO
This is simply not hidden to anybody that speaking in English these days has been more than just a trend and it helps you grow the overall personality that further helps you in many aspects in your life. even if you are appearing for a good job, the first that an interviewer judges you is with your way of communication and understanding the same. American Lingua is teaching you with all the skills you require to have an excellent command on your Language.
Spoken english classes in janakpuri
Hello,
I am roxy smith.
thanks for sharing this post.
provide you best Assignment help Australia anytime.
Your blog provided us with valuable information. Most of the times, students get stressed due to their assignments. If it is with you also then you might seek for Assignment help.
Fort Lauderdale Vacation Rentals
California Vacation Rentals
Mykonos Greece Holidays
Long Beach Resorts Condos
Cape Coral Vacation Rentals
by Owners is the best platform for vacation rental owners whose property placed in Islamorada, orlando, kissimmee. they can register their property online and generate high revenue.
Use Programming Assignment Help services of StudentsAssignmentHelp.com at very good price. We are always working with the team of programming experts that always keeps advanced degrees in the field and having amazing academic writing knowledge. Our experts will complete all your work before the asked time-frame.
The above information you shared give me a new look at this topic. I am working as a full-time academic writer in myassignmentHelpsg providing Assignment Help Singapore services to college students.
Thanks a lot for sharing all of this. Most of the times, students get stressed due to their assignments. If it is with you also then you might seek for online Assignment help.
Are you demanding for Assignment Help? Turn towards Myassignmenthelp and stay tension free. We have an expert team of writers that work for students demands and carry out all the task appropriately.
Your selection of topic is very good and also well written. Thanks for sharing. I feel like all your ideas are incredible! Great job.
norton.com/setup | mcafee.com/activate
Thanks for sharing this blog. A great information you shared through this blog.
A lot of valuable information can be derived from the post. Certainly, this compelling post will encourage readers to choose Assignment Help Australia services. You can email us at info@firstassignmenthelp.com.
Nice post, Photoshop Actions for Photographers is an ideal way to grab free & premium actions from InventActions, this is world largest site who provide thousands+ actions. Just in one click, you can change your image actions.
Hire the professional assignment writers from StudentsAssignmentHelp.com so the students can easily get the best Assignment Help London services at a very amazing price. Our assignment experts in London will help you score the best academic marks ever and make you class topper.
Thanks so much for writing all of the excellent information, very interesting topic to learn. Thank you very much and keep sharing. public relations assignment expert
Very nice information. Will surely recommend to my friends. In case you want any essay writing or assignment writing help Australia, kindly visit the best assignment writing service provider.
Students Assignment Help offers UK assignment help services to the students around the globe. We are the best and professional assignment help provider to the students’ at all academic levels.
Deadline for assignment should not ruin your peace of mind anymore. Contact IrelandAssignmentHelp.com for best Buy assignments online regarding a number of courses. Our experts are just one call away to provide you with successful plagiarism free project. Contact us now and get writing assistance.
Every single student is searching for a proper essay generator who can understand the need of the work and do the essay completely flawless. However, it often happens that students fail to figure out who can be one of the best instant essay typer for their work.
Academic essay writing has been a parameter to judge the merits of the students for a long time. The present time is none the less. In fact, as time is passing by, students are having more and more requirements to write an essay that will be graded. Hence seeking Do my essay online online help is on the rise and it will be.
This is where you might have started your search for assignment help.The previous consumers give their feedback on the website to let the other users know about the quality of their service. For example, if you go to the
Allassignmenthelp.co.uk reviews, you can get to know the opinion of different users about their services. You can also check other websites to compare and select the best service for you.
Students can easily get Homework Help services from the professional experts of StudentsAssignmentHelp.com. Our team is working with the experts and they have great knowledge in finishing all your task accurately and in the asked format. So, grab the best homework writing services today and score high grades.
Excellent and nice post. It will beneficial for everyone. Thanks for sharing such a wonderful post. Avail No 1 Essay writing Services UK from certified PhD writers. It is extremely helpful for me. You can email us at info@ukdissertationhelp.co.uk or Phone Number - 020 8144 9988
Great job, it’s really useful for me, thank you so much for sharing this awesome idea, visit best Jeans Manufacturers website.
Jeans Manufacturers in Delhi
Post a Comment