Sunday, 7 March 2010

Identify yourself with Certificates

What is PFX file?
This file type is an acronym of "Personal Information Exchange" that can be opened with "Microsoft Certificate Manager or Certificate Import Wizard".

This file is an Encrypted security file that stores SSL secure certificates used to authenticate a person or device, such as a computer or Web server; requires a password to be opened; can be installed by right-clicking the file and selecting "Install PFX."

More than one certificate can be stored in a single file in the following formats:

PFX,P12: Personal Information Exchange
P7B: Cryptographic Message Syntax Standard-PKCS#7 Certificate
SST: Microsoft Serialized Certificate Store


What SSL Is and Why You Need It?


Doing business online without SSL is like leaving customer credit card numbers on the counter or offering a dressing room without a door


An SSL certificate is a bit of code on your web server that provides security for online communications. When a web browser contacts your secured web site, the SSL certificate enables an encrypted connection. It’s kind of like sealing a letter in an envelope before sending it through the mail.


SSL certificates also inspire trust because each SSL certificate contains identification information. When you request an SSL certificate, a third party (such as Thawte or VeriSign) verifies your organization’s information and issues a unique certificate to you with that information. This is known as the authentication process.

An SSL certificate, or secure certificate, is a file installed on a secure Web server that identifies a website. This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable. In order to verify that these sites are legitimate (they are who they say they are), the companies and their websites are verified by a third party, such as Verisign or Thawte.


Once the verification company establishes the legitimacy of an organization and the associated website, they will issue an SSL certificate (for the small fee of a few hundred dollars). This digital certificate is installed on the Web server and will be viewable when a user enters a secure area of the website. You can tell you are visiting a secure page when the URL starts with "https." To view the certificate, click the lock icon near one of the edges of your browser window.

Because digital certificates verify a company's current status, they do not last forever. SSL certificates typically expire every one to three years. If the certificate is not renewed in time, you may see an alert box pop up that says "This website's certificate has expired." This error has nothing to do with you or your computer, but is displayed because the Web server you connected to has not renewed its SSL certificate. While this does not necessarily mean the site is fraudulent, it does show that the site is less than professional.

What Happens between the Web Browser and Server?

1.A browser attempts to connect to a web site secured with SSL. The browser requests that the web server identify itself.
2.The server sends the browser a copy of its SSL certificate.
3.The browser checks whether it trusts the SSL certificate. If so, it sends a message to the server.
4.The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
5.Encrypted data is shared between the browser and the server.

Continue reading ...
http://www.thawte.com/resources/ssl-information-center/get-started-with-ssl/index.html
http://www.thawte.com/resources/ssl-information-center/get-started-with-ssl/how-ssl-works/index.html

List of comercial certificate authorities
http://msdn.microsoft.com/en-us/library/ms995347.aspx

AOL (http://www.aol.com)
A-Trust (http://www.a-trust.at)
Arge Daten (http://www.signatur.rtr.at/de/providers/providers/argedaten.html)
AS Sertifitseerimiskeskuse (http://www.sk.ee)
Asociacion Nacional del Notariado Mexicano (http://www.notariadomexicano.org.mx)
Austria Telekom-Control Commission (http://www.signatur.rtr.at)
Autoridade Certificadora Raiz Brasileira (http://www.icpbrasil.gov.br)
Autoridad de Certificacion Firmaprofesional
Baltimore (http://www.baltimore.com)
Belgacom E-Trust (http://www.e-trust.be)
CC Signet (http://www.signet.pl)
CAMERFIRMA (http://www.camerfirma.com)
Certic?mara S.A. (http://www.certicamara.com/)
Certisign (http://www.certisign.com.br/)
CertPlus (http://www.certplus.com)
Colegio de Registradores
Comodo Group (http://www.comodogroup.com/)
ComSign (http://www.ComSign.co.il)
Correo
Deutsche Telekom (http://www.telekom.de)
DST (http://www.digsigtrust.com/)
Entrust (http://www.entrust.com/certificate_services/index.htm)
eSign (http://www.esign.com.au/)
EUnet International (http://www.eunet.fi/)
FESTE (http://www.feste.org/)
First Data Digital Certificates (http://www.firstdata.com/index.jsp)
FNMT (http://www.ceres.fnmt.es/)
Gatekeeper Root CA (http://www.agimo.gov.au/infrastructure/gatekeeper)
GeoTrust (http://www.geotrust.com)
GlobalSign (http://www.globalsign.com/)
GoDaddy (http://www.godaddy.com)
Hongkong Post (http://www.hongkongpost.gov.hk/product/cps/ecert/index.html))
IPS SERVIDORES (http://www.ips.es/)
KMD (http://www.kmd-ca.dk)
NetLock (http://www.netlock.hu/)
Post.Trust (http://www.post.trust.ie/)
PTT Post (http://www.ptt-post.nl)
Quovadis (http://www.quovadis.bm/)
RSA (http://www.rsasecurity.com/)
Saunalahden Serveri (http://www.saunalahti.fi/)
SECOM Trust.net (http://www.secomtrust.net)
SecureNet (http://www.securenetasia.com/)
SecureSign (http://www2.jcsinc.co.jp)
Serasa (http://www.serasa.com/)
SIA (https://ca.sia.it/)
Sonera (http://www.sonera.com/)
Spanish Property & Commerce Registry (https://www.registradores.org))
TC TrustCenter (http://www.trustcenter.de/)
TDC (http://www.tdc.dk)
Thawte (http://www.thawte.com/)
Trustis Limited (http://www.trustis.com)
TW Government Root Certification Authority
Unizeto Certum (http://www.certum.pl)
UserTRUST (http://www.usertrust.com/)
ValiCert (http://www.valicert.com/)
Verisign (http://www.verisign.com/)
Visa
Wells Fargo Root Certificate Authority (http://www.wellsfargo.com/certpolicy)
XRamp (http://www.xramp.com)

1 comment:

  1. My GlobalSign SAN SSL Certificate is due to expire, and I normally renew straight with the certificate authority. Although a 'techie' friend of mine recommended a reseller in the UK; SSL247 and I have found it cheaper than going to the authoritys own site straight away! Maybe you can also list resellers also as this may be useful for other users.

    ReplyDelete