On 03.02.2012 22:32

Active cards: 1163918

Digital signatures: 73370124

Electronic authentications: 122614846

Sertifitseerimiskeskus

Arvutikaitse

EST | RUS

Certificates

A certificate is a proof by which one user introduces him- or herself to another (e.g., a conversation partner or a server) and makes a transaction based on this identification, by issuing a digital signature, for example.

 

 

A device certificate is a proof issued by the Certification Centre to an owner of an electronic device or a server. The device or the server proves the authenticity of its identity to other persons or devices.

A typical device certificate is a web server certificate, by which a web server proves its "authenticity" to users. When visiting a server that is equipped with a certificate, a user can be certain that he or she communicates with the right organisation and server instead of a false server with forged design where it is easy to get cheated in some way.


How does a device certificate work?

Device certificates are always issued by certain certification agencies. When a user establishes a connection with a server, he or she receives a device certificate from the server. The rest will depend on the user's settings - whether or not he or she has deemed the particular certification agency trustworthy. If not, the certificate must be accepted manually.

Device certificates are issued to certain device names - for example http://www.example.com and http://help.example.com need different certificates. What matters is the server name, for example www.example.com.


How to get a device certificate?

In order to get a device certificate, you must first fill out an application form which can be received from a provider of certification services and which will constitute the basis for issuing the certificate. It is also necessary to generate a secret key to accompany the certificate and prepare a certain certification request (CSR, Certificate Signing Request). The CSR is a request sent from the owner of a server to a certification agency, whereas the request must be in a certain format of the applicant and it will be used as a basis for issuing the certificate.

Preparation of a certification request with Microsoft IIS 5.x / 6.x.

Preparation of a certification request with Apache mod_ssl.

The application and the CSR are submitted to the provider of certification services and the latter will issue the certificate.

Generation of the CSR is different in various software packages and it is hereby impossible to describe all these different systems in detail. In case of problems, please consult your software manual.

Viimati uuendatud: 25.01.2010