identity. A passport contains your name, birthdate, and birthplace. An SSL certificate contains your name, location (country, state/province, and city), organization name, and e-mail address.

Passports (and SSL certificates) also provide some method for ensuring that your identity is correct. Your passport contains a photograph that someone can compare with your face. An SSL certificate contains the public half of a public/private key pair.

A passport also contains safeguards against forgery: Every passport contains a watermark, and many governments will soon issue passports that contain holograms (which are very difficult to forge). Likewise, an SSL certificate is digitally signed with the issuer's private key, and any tampering makes the digital signature invalid.

Passports and SSL certificates share another important characteristic: They're both issued by trusted third parties. A border authority isn't likely to trust a passport that you've issued to yourself. Instead, a passport office (the U.S. State Department, for example) verifies your identity and issues a passport. Foreign governments trust that the passport office has done a thorough job investigating your identity. SSL certificates work the same way.

Choosing an SSL Certificate

To obtain an SSL certificate, you send a request (called a certificate signing request, or CSR), along with proof of your identity, to a trusted authority. The trusted authority (also known as a certification authority, or CA) compares your request to the proof of identity that you provide, and if it's satisfied that you are who you claim to be, it issues you a certificate. The certificate that you receive is signed with the issuer's private key; you can verify the signature by using the issuer's public key.

You can get three different types of SSL certificate, and each provides a different level of trust:

- A self-signed certificate is untrustworthy (but useful for testing).
- A certificate signed by a local CA (a CA that you create and manage yourself) can be trusted by your peers.
- A certificate signed by a well-known CA can be trusted by outside parties (that is, customers).

Obtaining a signed certificate costs money. The CA assumes the work of verifying your identity and maintaining a database of valid certificates. A number of companies are in the certification business, and two of the best known are VeriSign (www.verisign.com) and thawte (www.thawte.com). If you decide to go this route, see the following section, "Creating a Certificate Signing Request," for details on how to get the certificate from a CA.

If you want to test out your Web site before you shell out a few bucks to a CA, you can create a self-signed certificate. A self-signed certificate looks and acts like a normal certificate except for one very important difference: You should never trust a self-signed certificate. Trusting a self-signed certificate is like trusting a self-issued passport. Anyone can create a self-signed certificate, and more importantly, anyone can forge a self-signed certificate. We explain how this is done in the "Creating a Self-Signed Certificate" section, later in this technique.

In some cases, you may want to act as a CA yourself. For instance, if you head up the IT department at a large company, you can issue certificates to in-house Web servers without having to pay a third-party CA for each one. You might use your in-house CA to distribute trusted software or deliver confidential content such as payroll information.

Creating a Certificate Signing Request

To request a signed certificate from a CA, you must first create a certificate signing request (or CSR). The
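
The trust levels described above, as an added example that is not part of the original text: it builds a local CA, creates a CSR, has the CA sign it, and checks that `openssl verify` accepts the CA-signed certificate while rejecting a self-signed certificate carrying the same subject name. The names `Example Local CA` and `www.example.test` and the helper function names are constructed for illustration, and the `openssl` command-line tool with its default configuration file is assumed to be installed.

```shell
#!/bin/sh
# Added example. All names below (Example Local CA, www.example.test) are constructed.

# build_demo DIR: create a local CA, a CSR, a CA-signed cert and a self-signed look-alike.
build_demo() {
    d=$1
    # 1. Local CA: a key pair plus a self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Local CA/CN=Example Root" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    # 2. Server key pair and certificate signing request (CSR).
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=US/O=Example Org/CN=www.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    # 3. The CA signs the request with the CA private key.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/server.pem" 2>/dev/null
    # 4. Look-alike with the same subject, signed only by its own key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/C=US/O=Example Org/CN=www.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

# trusted_by ANCHOR CERT: succeed only if CERT's signature chains to ANCHOR.
trusted_by() {
    [ "$(openssl verify -CAfile "$1" "$2" 2>/dev/null)" = "$2: OK" ]
}

# is_self_issued CERT: succeed if issuer and subject names are identical.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
for cert in server.pem self.pem; do
    if trusted_by "$demo_dir/ca.pem" "$demo_dir/$cert"; then
        echo "$cert: signature chains to the local CA"
    else
        echo "$cert: REJECTED, not signed by the local CA"
    fi
done
rm -rf "$demo_dir"
```

The self-signed certificate passes `trusted_by` only when it is supplied as its own trust anchor, which is why it says nothing about who created it.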