?
Solved

Trusted SSL Certificate vs non-trusted SSL certificate

Posted on 2014-03-24
2
Medium Priority
?
428 Views
Last Modified: 2014-03-26
Could someone please explain what the difference is between a trusted certificate and a non-trusted certificate>

Thanks
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 29

Assisted Solution

by:becraig
becraig earned 1000 total points
ID: 39950873
The short answer is a "Trusted Certificate" is a certificate authority publicly trusted.

e.g.
If you call a website with SSL the idea behind using SSL is that the content is encrypted between server and client. A trusted publisher is regulated by government authorities etc and their root and Intermediate certificates are distributed with OS's such as windows etc.

Anyone can be a Certificate Authority (with the right software) as such anyone can issue a certificate, the difference being if the ROOT and Intermediate certificates are not trusted by your computer it will be an untrusted certificate, since unlike publicly trusted Authorities, your root and intermediates certificates are not known to the computer / user.

That is the short answer.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 1000 total points
ID: 39955288
Verifying a certificate as "trusted" is actually a pretty complex process.

In order to be trusted, the certificate must be valid, and must have either a CN or a SAN entry that matches the site you are trying to connect to (for server certificates; for email, they must have the email address of the user, and there is usually no special condition for a client certificate).

In order to be valid, the certificate must be:
a) within its validity date range
b) have a purpose appropriate to the thing you are attempting to do (you can get different sorts of certificate, so an email certificate is rarely also valid as a webserver certificate)
c) have a correct signature
d) be signed by a certificate that is itself trusted

Which brings us to certificate chains. one of the purposes a certificate CAN have is as a signing (CA) certificate, and only such certificates are allowed to sign other certificates (although any certificate can sign itself) - You can have an entire chain of such certificates, and need not have the entire chain available at the start of verification (however, a certificate will not be trusted unless you either have or can fetch the signing certificate, and the signing certificate itself is valid)

Finally, each certificate chain must end with a certificate that is in your local trust store; windows has such a store, as do all browsers and the java environment. The trusting application will check first the chain, then when it finds a certificate that is signed by itself, will look for that in its local trust store - should it find it, then the chain (and hence the certificate itself) is trusted, otherwise you have a valid (but untrusted) chain and hence a valid (but untrusted) certificate.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question