Purpose

This section deals with Secure Sockets Layer (SSL) certificates.  SSL, and its successor Transport Layer Security (TLS), is a network protocol that allows for secure communication between two parties.  This section provides some information on the certificates used by SSL/TLS.

Applicable in CAST Version

Release        Yes/No
8.3.x          Yes
AIP Console    Yes
Dashboards     Yes
Imaging        Yes
CSS            Yes
Highlight      Yes
Details

What is a Certificate?

  • The information that allows two parties to establish a secure connection. The underlying protocol is Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS). A certificate binds a public key to the identity of its owner, typically a host name.
  • Certificates are generally issued by Certificate Authorities (CAs).
  • The Certificate contains information about:
    • the subject the certificate identifies (for example, the server's host name)
    • the dates between which the certificate can be used (the validity period)
    • the issuing authority
    • the public key and its algorithm
    • the issuer's digital signature over all of the above, which is what a client checks to confirm validity
  • A certificate fingerprint is a hash (usually SHA-256) of the whole encoded certificate. It is not a field stored in the certificate; it is computed from it and used to compare or identify a specific certificate.


For further information, please see: https://en.wikipedia.org/wiki/Public_key_certificate


Types of Certificates

  • A request to a certificate authority starts with a Certificate Signing Request (CSR). A CSR contains the requested subject name and the public key, and is signed with the matching private key, which stays with the requester. A CSR by itself is not a certificate and cannot be used as one.
  • An application is normally given a base (end-entity) certificate so that clients can authenticate the application and encrypt network traffic to it.
  • Intermediate certificates link the base certificate to a root certificate.  They are issued either by a public certificate authority or by an organization's own internal CA.
  • Root certificates are the end point of the certificate chain.  They are self-signed by the certificate authority and are trusted only because they are installed in the client's trust store (the operating system's or the application's).



Certificate Format

  • A certificate by itself is commonly stored as a *.crt or *.pem file (*.cer is the same thing). These basic formats contain only the certificate, either as Base64 text between BEGIN CERTIFICATE and END CERTIFICATE lines (PEM) or as binary (DER). A *.csr file holds the signing request, not a certificate.

    • When configuring an application with these formats, the matching private key (typically a separate *.key file) is also required, so that the application is configured with a certificate and key pair.

  • There are container formats that combine the private key, the certificate and usually the intermediate certificates in one file: PKCS#12, with the extension *.pfx or *.p12.  These are protected by a passphrase. PKCS#7 files (*.p7b) bundle certificates only, without a private key.


Certificate Authority

  • An organization that verifies the identity of a certificate requester and then issues (and, when necessary, revokes) certificates, to enable safe and secure connections.
  • Publishes a root certificate and usually issues intermediate certificates under it, so that a certificate chain can be resolved.


For further information, please see: https://en.wikipedia.org/wiki/Certificate_authority


Self-Signed Certificate

  • A certificate which did not come from a certificate authority but was signed with its own private key, so that it is trusted only if the user explicitly chooses to trust it (for example by adding it to a trust store).
  • Generally not safe and not to be used in production, because no independent party has verified the identity it claims, but it can be used for some limited testing.


For further information, please see: https://en.wikipedia.org/wiki/Self-signed_certificate


Certificate Chain

  • The process of validating a certificate requires that the base certificate, the intermediate certificate(s) and the root certificate link together to form a certificate chain (or chain of trust): each certificate is signed by the one above it, and the root must be present in the client's trust store. Certificate resolution fails if any link is missing, for example when a server does not send its intermediate certificate along with the base certificate.


For further information, please see: https://en.wikipedia.org/wiki/Chain_of_trust
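The following script is an added example, not part of this page or of any CAST product. It walks through the sections above with the openssl command line (version 1.1.1 or later is assumed to be on the PATH): it creates a key and CSR for each party, builds a self-signed root, an intermediate signed by the root and a base certificate signed by the intermediate, shows the fields of the base certificate, verifies the chain with and without the intermediate, contrasts that with a self-signed certificate, and bundles key and certificates into a PKCS#12 file. The names (Example Root CA, cast.example.internal) and the passphrase changeit are made-up values for the demo.

```shell
#!/bin/sh
# Added example (not CAST's code): build and check the chain of trust described
# on this page with the openssl CLI (1.1.1 or later assumed on PATH).
# All names (Example Root CA, cast.example.internal) and the "changeit"
# passphrase are made-up values for the demo.
set -eu

WORK="$(mktemp -d)"                      # scratch directory, deleted on exit
trap 'rm -rf "$WORK"' EXIT
PASS="changeit"                          # PKCS#12 passphrase (demo only)

# X.509 v3 extensions: CA certificates may sign other certificates, the
# end-entity (base) certificate may only authenticate a server.
cat > "$WORK/ca.ext" <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
EOF
cat > "$WORK/leaf.ext" <<'EOF'
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:cast.example.internal
EOF
cat > "$WORK/selfsigned.ext" <<'EOF'
basicConstraints=CA:FALSE
subjectAltName=DNS:cast.example.internal
EOF

# new_key_and_csr NAME SUBJECT: private key plus Certificate Signing Request.
# The CSR carries the subject and public key and is signed with the private
# key; it is a request, not a certificate, and cannot be installed as one.
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# 1. Root CA: self-signed, i.e. issuer == subject and signed with its own key.
new_key_and_csr root "/CN=Example Root CA"
openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 3650 \
    -set_serial 1 -extfile "$WORK/ca.ext" -out "$WORK/root.crt" 2>/dev/null

# 2. Intermediate CA: its CSR is signed by the root.
new_key_and_csr intermediate "/CN=Example Intermediate CA"
openssl x509 -req -in "$WORK/intermediate.csr" -CA "$WORK/root.crt" \
    -CAkey "$WORK/root.key" -days 1825 -set_serial 2 \
    -extfile "$WORK/ca.ext" -out "$WORK/intermediate.crt" 2>/dev/null

# 3. Base (end-entity) certificate for the application, signed by the intermediate.
new_key_and_csr leaf "/CN=cast.example.internal"
openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/intermediate.crt" \
    -CAkey "$WORK/intermediate.key" -days 365 -set_serial 3 \
    -extfile "$WORK/leaf.ext" -out "$WORK/leaf.crt" 2>/dev/null

# 4. Self-signed certificate for the same host, with no CA behind it.
new_key_and_csr selfsigned "/CN=cast.example.internal"
openssl x509 -req -in "$WORK/selfsigned.csr" -signkey "$WORK/selfsigned.key" \
    -days 365 -set_serial 4 -extfile "$WORK/selfsigned.ext" \
    -out "$WORK/selfsigned.crt" 2>/dev/null

# 5. PKCS#12 (.p12/.pfx): private key + certificate + intermediate in one
#    passphrase-protected file, the form most application keystores import.
openssl pkcs12 -export -inkey "$WORK/leaf.key" -in "$WORK/leaf.crt" \
    -certfile "$WORK/intermediate.crt" -passout "pass:$PASS" -out "$WORK/leaf.p12"

# show_fields CERT: subject, issuer, validity dates and SHA-256 fingerprint;
# the fingerprint is computed over the encoded certificate, not stored in it.
show_fields() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# verify_chain LEAF TRUSTED_ROOT [INTERMEDIATE]: prints OK when LEAF chains up
# to TRUSTED_ROOT, using INTERMEDIATE as an untrusted link if given, else FAIL.
verify_chain() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1 && echo OK || echo FAIL
    else
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 && echo OK || echo FAIL
    fi
}

# p12_cert_count P12: number of certificates inside the PKCS#12 bundle.
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys 2>/dev/null | grep -c "BEGIN CERTIFICATE"
}

echo "== fields of the base certificate =="
show_fields "$WORK/leaf.crt"
echo "leaf, root + intermediate supplied: $(verify_chain "$WORK/leaf.crt" "$WORK/root.crt" "$WORK/intermediate.crt")"   # OK
echo "leaf, intermediate missing:         $(verify_chain "$WORK/leaf.crt" "$WORK/root.crt")"                            # FAIL
echo "self-signed against the root:       $(verify_chain "$WORK/selfsigned.crt" "$WORK/root.crt")"                      # FAIL
echo "self-signed trusted explicitly:     $(verify_chain "$WORK/selfsigned.crt" "$WORK/selfsigned.crt")"                # OK
echo "certificates in leaf.p12:           $(p12_cert_count "$WORK/leaf.p12")"                                            # 2
```

Run it as `sh chain-demo.sh`. The second check is the failure mode seen most often in practice: the base certificate is valid, but the client cannot reach the root because the intermediate was never supplied, so the chain cannot be resolved. The self-signed checks show why such a certificate only works for testing: it fails against any real root and passes only when the client is told to trust that exact certificate. On OpenSSL 3 the options `-signkey` and `-nodes` are still accepted as aliases of `-key` and `-noenc`.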

Notes/comments


Related Pages