Certificates

A certificate (public key certificate) is a digitally signed statement that binds the value of a public key to the identity of the person, device, or service that holds the corresponding private key.

The benefit of using certificates is that hosts no longer have to maintain a set of passwords for individual subjects who need to be authenticated as a prerequisite to access. Instead, the host merely establishes trust in a certificate issuer.

A certificate is valid only for a certain period of time, which is specified within it (the Valid From and Valid To dates).

Information it contains
The subject’s public key value.
The subject’s identifier information, such as the name and e-mail address.
The validity period (the length of time that the certificate is considered valid).
Issuer identifier information.
The digital signature of the issuer, which attests to the validity of the binding between the subject’s public key and the subject’s identifier information.

Certificates can be used for:

Authentication, which verifies the identity of someone or something.
Privacy, which ensures that information is only available to the intended audience.
Encryption, which disguises information so that unauthorized readers are unable to decipher it.
Digital signatures, which provide nonrepudiation and message integrity.

Certificate file formats

Personal Information Exchange (PKCS #12): PFX supports secure storage of certificates, private keys, and all certificates in a certification path.

Cryptographic Message Syntax Standard (PKCS #7): The PKCS #7 format supports storage of certificates and all certificates in the certification path.

DER-encoded binary X.509: The Distinguished Encoding Rules (DER) format supports storage of a single certificate. This format does not support storage of the private key or certification path.

Base64-encoded X.509: The Base64 format supports storage of a single certificate. This format does not support storage of the private key or certification path.
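
The following Python code is an added example, not part of the original post. It tells the four formats above apart by their leading ASN.1 bytes, so you know before importing whether a file can carry a private key or a certification path. The function names and the sample byte strings are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", re.S)
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
# (format, may hold private key, may hold certification path), as stated above
PKCS12 = ("PKCS #12 (PFX)", True, True)
PKCS7 = ("PKCS #7", False, True)
DER_X509 = ("DER-encoded binary X.509", False, False)
B64_X509 = ("Base64-encoded X.509", False, False)

def tlv(buf, pos):
    """Return (tag, content offset, length or None) of the ASN.1 element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                  # short form: the byte is the length
        return tag, pos + 2, first
    n = first & 0x7F                  # long form: next n bytes hold the length
    if n == 0:                        # BER indefinite length, seen in some PFX files
        return tag, pos + 2, None
    return tag, pos + 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def classify(data):
    """Return the format tuple for a certificate file's bytes, or raise ValueError."""
    armor = PEM_RE.search(data)
    if armor:                         # Base64 text: strip the armor, decode to DER
        data = base64.b64decode(armor.group(2))
    try:
        outer, pos, _ = tlv(data, 0)
        inner, ipos, ilen = tlv(data, pos)
        kind = (outer, inner)         # every format here is an outer SEQUENCE (0x30)
        if kind == (0x30, 0x02) and data[ipos:ipos + ilen] == b"\x03":
            return PKCS12             # PFX begins with INTEGER version 3
        if kind == (0x30, 0x06) and data[ipos:ipos + ilen] == SIGNED_DATA_OID:
            return PKCS7              # ContentInfo begins with the signedData OID
        if kind == (0x30, 0x30) and data[ipos] in (0xA0, 0x02):
            return B64_X509 if armor else DER_X509  # tbsCertificate: version/serial
    except (IndexError, TypeError):   # truncated input or unusable length
        pass
    raise ValueError("unrecognized or truncated certificate file")

# Constructed skeletons: only the leading bytes of each format, not real certificates.
SAMPLE_DER = bytes.fromhex("300a3008a003020102020101")
SAMPLE_P7B = bytes.fromhex("300b0609") + SIGNED_DATA_OID
SAMPLE_PFX = bytes.fromhex("3003020103")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")
for blob in (SAMPLE_DER, SAMPLE_PEM, SAMPLE_P7B, SAMPLE_PFX):
    name, key, chain = classify(blob)
    print(f"{name}: private key possible={key}, certification path possible={chain}")
```

The check looks only at the outer structure, so it identifies the container type and does not validate the certificate or its signature.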

View the certificate
——————–
In Internet Options, open the Content tab, click Certificates, and choose the certificate whose information you want to view.
Double-click a certificate to view its properties and intended uses. This information is displayed on three tabs: General, Details, and Certification Path.

General tab
Supported uses of the certificate. Summary information, such as the applications, signing, encryption, or authentication, for which the certificate can be used. This section also explains if a certificate has expired or is not valid.

Entity to which the certificate was issued. The name of the recipient of the certificate. Recipients can include end users, computers, or entities such as certification authorities (CAs).

The issuer of the certificate. The name of the CA that issued the certificate.

Validity period of the certificate. This runs from the date the certificate becomes valid to the date that the certificate expires.

Issuer statement. Clicking the Issuer Statement button opens a separate window that contains additional information about the certificate or a URL where additional information can be obtained.

Details tab
Version. The X.509 version number.

Serial number. The unique serial number that the issuing certification authority (CA) assigns to the certificate. The serial number is unique for all certificates issued by a given CA.

Signature algorithm. The hash algorithm that the CA uses to digitally sign the certificate.

Issuer. Information regarding the CA that issued the certificate.

Valid from. The beginning date for the period in which the certificate is valid.

Valid to. The final date for the period in which the certificate is valid.

Subject. The name of the individual, computer, device, or CA to whom the certificate is issued. If the issuing CA exists on a domain member server in your enterprise, this will be a distinguished name within the enterprise. Otherwise, this may be a full name and e-mail name or other personal identifier.

Public key. The public key type and length associated with the certificate.

Thumbprint algorithm. The hash algorithm that generates a digest of data (or thumbprint) for digital signatures.

Thumbprint. The digest (or thumbprint) of the certificate data.

Friendly name. (Optional) A display name to use instead of the name in the Subject field.

Enhanced key usage. (Optional) The purposes for which this certificate can be used.

To import a certificate
————————
Open the Certificates snap-in for a user, computer, or service.

In the console tree, click the logical store where you want to import the certificate.
On the Action menu, point to All Tasks, and then click Import to start the Certificate Import Wizard.
Type the file name containing the certificate to be imported. (You can also click Browse and navigate to the file.)

If it is a PKCS #12 file, do the following:
Type the password used to encrypt the private key.
(Optional) If you want to be able to use strong private key protection, select the Enable strong private key protection check box.
(Optional) If you want to back up or transport your keys at a later time, select the Mark key as exportable check box.

Do one of the following:
If the certificate should be automatically placed in a certificate store based on the type of certificate, click Automatically select the certificate store based on the type of certificate.
If you want to specify where the certificate is stored, select Place all certificates in the following store, click Browse, and choose the certificate store to use.

To export a certificate
———————–
Open the Certificates snap-in for a user, computer, or service.

In the console tree under the logical store that contains the certificate to export, click Certificates.
In the details pane, click the certificate that you want to export.
On the Action menu, point to All Tasks, and then click Export.
In the Certificate Export Wizard, click No, do not export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
Provide the following information in the Certificate Export Wizard:
Click the file format that you want to use to store the exported certificate: a DER-encoded file, a Base64-encoded file, or a PKCS #7 file.

If you are exporting the certificate to a PKCS #7 file, you also have the option to include all certificates in the certification path.

If required, in Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.

In File name, type a file name and path for the PKCS #7 file that will store the exported certificate and private key. Click Next, and then click Finish.

To export a certificate with the private key
——————————————–
Open the Certificates snap-in for a user, computer, or service.

In the console tree under the logical store that contains the certificate to export, click Certificates.
In the details pane, click the certificate that you want to export.
On the Action menu, point to All Tasks, and then click Export.
In the Certificate Export Wizard, click Yes, export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
Under Export File Format, do any of the following, and then click Next.
To include all certificates in the certification path, select the Include all certificates in the certification path if possible check box.

To delete the private key if the export is successful, select the Delete the private key if the export is successful check box.

To export the certificate’s extended properties, select the Export all extended properties check box.

In Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.

In File name, type a file name and path for the PKCS #12 file that will store the exported certificate and private key. Click Next, and then click Finish.

To request a certificate
————————-
Open the Certificates snap-in for a user or computer.

In the console tree, click Certificates – Current User or Certificates (Local Computer). Select the Personal certificate store.

On the Action menu, point to All Tasks, and then click Request New Certificate to start the Certificate Enrollment wizard. Click Next.

Select the types of certificates that you want to request.

You can click Details to review additional information about each certificate.

If a caution symbol appears below the certificate, you might need to provide additional information before requesting that type of certificate. Click the message "More information is required to enroll for this certificate. Click here to configure" and provide the requested information, such as a subject name or the location of a valid signing certificate.

To finish, click Enroll.

To renew a certificate with the same key
—————————————–
Open the Certificates snap-in for a user, computer, or service.

In the console tree, expand the Personal store, and click Certificates.

In the details pane, select the certificate that you are renewing.

On the Action menu, point to All Tasks, point to Advanced Operations, and then click Renew this certificate with the same key to start the Certificate Renewal Wizard.

If more than one certificate is listed in the Request Certificates window, select the certificate that you want to renew. Do one of the following:

Use the default values to renew the certificate.

Click Details, and then click Properties to provide your own certificate renewal settings. You need to know the certification authority (CA) issuing the certificate.

Click Enroll. After the Certificate Renewal Wizard has successfully finished, click Finish.

To renew a certificate with a new key
————————————-
Open the Certificates snap-in for a user, computer, or service.

In the console tree, expand the Personal store, and then click Certificates.

In the details pane, select the certificate that you are renewing.

On the Action menu, point to All Tasks, and then click Renew Certificate with New Key to open the Certificate Renewal Wizard.

In the Certificate Renewal Wizard, do one of the following:

Use the default values to renew the certificate.

(For advanced users only) Click Details, and then click Properties to provide your own certificate renewal settings. You need to know the cryptographic service provider (CSP) and the certification authority (CA) issuing the certificate.

You need to select the key length (measured in bits) of the public key associated with the certificate.

You can also choose to enable strong private key protection. Enabling strong private key protection ensures that you are prompted for a password every time the private key is used. This is useful if you want to ensure that the private key is not used without your knowledge.

When you are ready to request a certificate, click Enroll. After the Certificate Renewal Wizard has successfully finished, click Close.

Posted on July 8, 2012, in General, Uncategorized, Web.