Certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes. There are many commercial CAs that charge for their services. Institutions and governments may have their own CAs, and there are free CAs. Issuing a certificate A CA will issue a public key certificate which states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate. A CAs obligation in such schemes is to verify an applicants credentials, so that users (relying parties) can trust the information in the CAs certificates. The usual idea is that if the user trusts the CA and can verify the CAs signature, then they can also verify that a certain public key does indeed belong to whomever is identified in the certificate. List of certificate authorities Here is a list of some common certificate authorities (CA). For a CA to be of any use, the client must trust the CA. In case of a browser visiting a web site with a certificate, the CA for that certificate should ideally be known by the browser. If not, the user will be asked whether to trust the CA. Some of the CAs below claim to be known by 99% of all browsers. • VeriSign • Thawte • Entrust • QuoVadis • GoDaddy • Cacert (free CA) • EJBCA Scenario for Securing the Web Server using CA( Certification Authority)Socket AddressThe combination of the IP Address and Port Number is called as Socket Address.
Steps to Secure the IIS using Certification Authority:1.Create one web site in IIS Web Server IP 126.96.36.199 M 255.0.0.02.Install the Certification Authority Certification Authority Server IP 188.8.131.52 M 255.0.0.03.Seuring the Web Server using ( Server Certificate ) a. Obtain Web Server Certificate from Web Server Steps to obtain the Server Certificate : 1.Go to Properties of the Web Server Web site 2. Select the Directory Security -> Server Certificate -> Next -> Create a new Certificate ->Send the Request Immedate to the online Certification Authority -> Next ………. 3.Go to Properties of the Web Server Web site -> Genral -> SSL Port 1234 -> OK4.Try to access the web site at the client side. ( The Response is : The must be viewed over a secure Channel )Steps to download the Client Certificate from the Certification AuthorityClient can use the Certification Authority Web site to download the Client CertificateSteps to download :1. mmc -> console-> add/Remove snap-in -> add -> Certificates -> My user Account -> OKSSL ( Secure Socket Layer )pronounced as separate letters) Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting privatedocuments via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known toeveryone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and InternetExplorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit cardnumbers.By convention, URLs that require an SSL connection start with https.Meer Shahnawaz ( Abdullah )Netmetric Solutions ,