What does a client do to verify a server certificate?

My first question is What specifically does a client do to verify a certificate that it was given by a web server(or anything really) is valid?

Part 2 is I am upgrading a MS 2003 Ent enterprise CA to 2008R2 Enterprise, well really I am migrating it to a new VM with the same name and a different IP address. In the process there is a small point where the old CA will be down, the new will be up but not have the config restored yet. Will this affect any communications that were started before the migration or any new communications?
amylinrobAsked:
Who is Participating?
 
losipConnect With a Mentor Commented:
Normally, a certificate is valid until it expires.  However, it is possible to revoke a certificate for a number of reasons (10 are defined by RFC 5280) and its serial number is published in a Certificate Revocation List (CRL).

Therefore, clients expect to periodically access the CRL, whose publishing location is defined in the certificate, to see if it has been revoked.  Few clients will immediately bomb out if the CRL is not accessible but you may see warnings logged.

There are other methods of checking certificate validity, such as Online Certificate Status Protocol (OCSP) and this is used for high status applications.

Kerberos uses symmetric cryptography and needs reliable online access to a Key Distribution Center but the migration of your CA won't affect this.

Hope this helps
0
 
MajorBigDealConnect With a Mentor Commented:
Once the client receives the server's certificate it makes the following checks. Is the date valid? Do I trust the organization that issued the cert?  Can I verify that the cert really came from that organization (by verifying the digital signature). Does the domain name match?

If all that is OK, then the client thinks the server is authentic and proceeds with the SSL handshake.   If something is wrong the it usually displays a message warning about the potential problem.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.