Cryptography - Signed Certificate


1 - About

A signed certificate is a certificate that has been signed.

A certificate is insecure until it is signed, because only a signed certificate cannot be modified without invalidating its signature.

Only a certificate signed by a third-party Certificate Authority (CA) assures the authenticity of the owner.


3 - Procedure

3.1 - CA

  • A Certificate Signing Request (CSR) is generated from the Private Key.
  • The CSR is sent to the Certificate Authority (CA).
  • The CA challenges the sender to prove its ownership of the domain. For instance:
    • setting a DNS TXT record
    • or hosting a file somewhere on a random path on the domain.
  • Once this challenge has been satisfied, the CA issues the certificate.
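
The procedure above, as an added example using only the Go standard library (it is not code from the original page): a CSR is created and checked, a certificate is issued by a CA, and a one-character edit of the issued certificate is shown to fail verification. The test CA, the domain `www.example.test` and the function names are constructed for the example, and the domain ownership challenge is skipped.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func verifies(der []byte, ca *x509.Certificate) bool {
	c, err := x509.ParseCertificate(der)
	return err == nil && c.CheckSignatureFrom(ca) == nil
}

// IssueAndTamper issues from a CSR, edits a copy, and reports whether each copy verifies.
func IssueAndTamper(domain string) (original, edited bool) {
	from, to := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	// Constructed test CA: key pair plus self-signed CA certificate.
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: from, NotAfter: to, IsCA: true,
		Subject: pkix.Name{CommonName: "Constructed Test CA"}, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	// Applicant: the CSR carries the public key and is signed with the private key.
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	req := &x509.CertificateRequest{DNSNames: []string{domain}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, key))))
	// CA: verify the CSR signature, then sign (the domain challenge is out of scope here).
	must(csr, csr.CheckSignature())
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: from, NotAfter: to, DNSNames: csr.DNSNames}
	der := must(x509.CreateCertificate(rand.Reader, leaf, caCert, csr.PublicKey, caKey))
	// Same-length edit of the name (assumes it does not start with "x"): still parses, signature breaks.
	altered := bytes.ReplaceAll(der, []byte(domain), []byte("x"+domain[1:]))
	return verifies(der, caCert), verifies(altered, caCert)
}

func main() {
	fmt.Println(IssueAndTamper("www.example.test")) // true false
}
```

Parsing alone does not check the signature, which is why the edited copy still parses and only the explicit check against the CA certificate rejects it.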

3.2 - Self-Signed

This is basically the same procedure as above, but without the identity validation step.

See Cryptography - How to self-signed a Certificate (for a test or internal server)

4 - Challenge

4.1 - Domain Validated

A domain-validated certificate proves only the ownership of a domain. For instance:

  • setting a DNS TXT record
  • or hosting a file somewhere on a random path on the domain.