CompTIA Security+ Exam Notes

Let Us Help You Pass

Certificates (PKI) Public Key Infrastructure


Types of Certificates

Self-signed: This type of certificate is signed by the same server that owns it. It will be untrusted inside an organization until the certificate is imported into the trust store of each machine attempting to access the server.

Root: Identifies the CA (Certificate Authority). Since no authority is higher than the root, its certificate must be self-signed.

User: Certificate templates are available for standard users, administrators, recovery agents, and smart card logon.

Email: These are used for digital signatures and email encryption/decryption. Emails can be referred to as messages or electronic messages.

Code-signing certificates: These are used with software/applications to validate the integrity of the product for the end user.

Domain Validation (DV): This proves only control of a domain. It is not the most secure method, because anyone who compromises the domain can obtain one.

Extended Validation (EV): A thorough check of the organization's identity is required in addition to validating the domain's ownership. This is the most trusted certificate type, and EV protects against phishing attacks.

Subject Alternative Name (SAN): Some organizations own multiple domains and may combine them into one certificate.
google.com
android.com
youtube.com
Above are just a few of the domains Google owns. These can be combined into one certificate, making it a SAN certificate. If the company adds another domain after the certificate has been issued, they will need to purchase a new certificate, because the list of names is fixed at issuance.

Below is another example of when you would use a SAN certificate. If the organization installed three different web servers and the certificate needed to match each hostname, it would need a SAN certificate.
http://sales.example.com
http://info.example.com
http://training.example.com
In this case, the hostnames for the above are "sales", "info", and "training", all under the same domain.

Wildcard: A Wildcard certificate will protect all first-level sub-domains as long as they belong to the same domain. This reduces the burden on an administrator, who would otherwise have to obtain and track a separate certificate for each sub-domain.

http://www.research.sample.com
http://www.marketing.sample.com
http://www.dallas.sample.com
http://www.chicago.sample.com
http://www.seattle.sample.com

The five above all belong to the same domain, so instead of five certificates, one could be purchased:

*.sample.com

X.509 Certificate: What you need to know
Hashed with SHA (the certificate contents are hashed)
Encrypted with RSA (the hash is signed with the issuer's RSA private key)
The entity that issued the certificate (Issuer)
The entity that the certificate was issued to (Subject)
The validity date: from (Not Before) and to (Not After)
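The following is an added example, not code from the exam notes, that ties the SAN, Wildcard, Self-signed and validity-date points above together as the checks a client performs before trusting a server certificate. The `Cert` class, `check_server_cert` function and the sample certificates are assumptions constructed for this illustration; the hostnames are the ones used in the notes. It goes slightly beyond the text in one respect: the wildcard matcher applies the rule browsers use (RFC 6125, section 6.4.3), under which `*` stands for exactly one label, so `*.sample.com` covers `research.sample.com` but not `sample.com` itself or a deeper name such as `www.research.sample.com`.

```python
"""Hostname and validity checks against a server certificate's SAN list.

Added example (not from the exam notes). Implements the matching rule
browsers apply (RFC 6125 section 6.4.3): a wildcard '*' may only replace the
whole left-most label and matches exactly one label.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timezone


def match_san_entry(pattern: str, hostname: str) -> bool:
    """Compare one SAN dNSName entry against a hostname (case-insensitive)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard must be the entire left-most label and appear nowhere else.
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    # Refuse top-level wildcards such as "*.com": need at least two labels
    # to the right of the wildcard.
    if len(p_labels) < 3:
        return False
    # The wildcard consumes exactly one label, so label counts must be equal.
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[1:] == p_labels[1:]


@dataclass
class Cert:
    """Hypothetical stand-in for the X.509 fields the notes list."""
    subject_cn: str
    issuer_cn: str
    not_before: datetime
    not_after: datetime
    san: list[str] = field(default_factory=list)

    def is_self_signed(self) -> bool:
        # A self-signed (or root) certificate names itself as issuer.
        return self.subject_cn == self.issuer_cn

    def is_valid_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after


def hostname_matches(cert: Cert, hostname: str) -> bool:
    """True if any SAN entry covers hostname (modern clients ignore the CN
    when a SAN extension is present, so only the SAN list is consulted)."""
    return any(match_san_entry(name, hostname) for name in cert.san)


def check_server_cert(cert: Cert, hostname: str, now: datetime | None = None) -> list[str]:
    """Return the problems found; an empty list means the certificate is acceptable."""
    now = now or datetime.now(timezone.utc)
    problems: list[str] = []
    if not cert.is_valid_at(now):
        problems.append("outside validity period")
    if not hostname_matches(cert, hostname):
        problems.append(f"no SAN entry covers {hostname}")
    if cert.is_self_signed():
        problems.append("self-signed: trusted only if imported into the client's store")
    return problems


# Constructed sample certificates (not real issuances).
_VALID_FROM = datetime(2025, 1, 1, tzinfo=timezone.utc)
_VALID_TO = datetime(2026, 1, 1, tzinfo=timezone.utc)

SAN_CERT = Cert("sales.example.com", "Example Root CA", _VALID_FROM, _VALID_TO,
                ["sales.example.com", "info.example.com", "training.example.com"])
WILDCARD_CERT = Cert("*.sample.com", "Example Root CA", _VALID_FROM, _VALID_TO,
                     ["*.sample.com"])
SELF_SIGNED_CERT = Cert("intranet.local", "intranet.local", _VALID_FROM, _VALID_TO,
                        ["intranet.local"])

if __name__ == "__main__":
    when = datetime(2025, 6, 1, tzinfo=timezone.utc)
    for cert, host in [(SAN_CERT, "training.example.com"),
                       (WILDCARD_CERT, "research.sample.com"),
                       (WILDCARD_CERT, "www.research.sample.com"),
                       (SELF_SIGNED_CERT, "intranet.local")]:
        print(host, "->", check_server_cert(cert, host, when) or "OK")
```

Running the block prints one line per check; the deeper `www.research.sample.com` name is reported as uncovered by `*.sample.com`, which is why a SAN certificate (or a wildcard issued one level down, such as `*.research.sample.com`) is needed for names that sit two labels below the domain.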
