MCTS 70-680: Certificates in Windows 7

ITFreeTraining
Certificates are primarily used to prove a computer's or person's identity. Certificates work on a trust model: in order for a 3rd party to prove they are who they say they are, they must be trusted by an authority. This video looks at how certificates work in Windows 7 and how the trust model is automatically set up so that your computer can identify sites as being authentic without any additional configuration.

Certificates management demo 07:03

Certificates
Think of a certificate as a container. Inside the container are a number of fields and keys. A basic certificate has fields to identify the site or domain it came from, for example http://www.example.com. When a computer connects to this site, the DNS name it connected to can be checked against the name in the certificate. If both match, the identity of the other side has been confirmed. The fields inside the certificate are signed using a digital signature. This way, if any of the fields in the certificate have changed, it can quickly be confirmed that the certificate has been tampered with or become corrupted, and it will not be used.

The public key in the certificate is used to encrypt traffic that can only be decrypted using the private key. The private key is not in the certificate given to the client so only the receiving party can decrypt the encrypted data.

Certificates issued to a client from an HTTPS connection can only contain the public key. It is possible to have certificates that have the private key in them. These kinds of certificates generally have a password on them to protect the private key if the certificate falls into the wrong hands.

HTTPS Connections
HTTPS sends data in two directions. In order for this to occur with only one certificate, both parties need to randomly choose an encryption key. The client's key is sent to the server encrypted with the public key from the server's certificate. Once the server decrypts the client's key using its private key, it can use that key to encrypt its own randomly chosen key and send it back to the client. The client can then decrypt the server's random key using its own random key.

Client Certificates
In a lot of cases you can use authentication systems like usernames and passwords to authenticate the client, but you can also use client-side certificates. Client certificates allow the server to check the identity of the client. The simplest of these certificates is a self-signed certificate. These certificates are generated by the client, are considered very weak and should only be used in a testing environment. The next type of certificate is issued by a trusted authority or CA. A CA can be a Microsoft server running Certificate Services or a 3rd party authority. The important thing to remember is that as long as the client and server trust the CA, they will be able to use any certificate that is generated by that CA.

Managing certificates
In order to manage certificates in Windows 7 you need to run the certificate management tool. This can be launched from the Start menu by running certmgr.msc.
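
The stores that certmgr.msc displays can also be read from Windows PowerShell through its built-in Cert: drive. The script below is an added example, not part of the original video notes: it lists expired trusted roots, self-signed personal certificates and personal certificates stored with a private key. The helper name Get-CertSummary is hypothetical, and the self-signed check only compares subject and issuer names.

```powershell
# Added example: read-only audit of the stores that certmgr.msc displays.
# Get-CertSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-CertSummary {
    param([string]$StorePath)

    # SelfSigned is a heuristic (subject name equals issuer name); it does
    # not verify the signature. HasPrivateKey is true when the matching
    # private key is stored on this computer alongside the certificate.
    Get-ChildItem -Path $StorePath |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                HasPrivateKey = $_.HasPrivateKey
                Expired       = ($_.NotAfter -lt (Get-Date))
                NotAfter      = $_.NotAfter
                Thumbprint    = $_.Thumbprint
            }
        }
}

# Trusted Root Certification Authorities: the CAs this user trusts.
$roots = @(Get-CertSummary 'Cert:\CurrentUser\Root')
# Personal store: certificates issued to this user, such as client certificates.
$personal = @(Get-CertSummary 'Cert:\CurrentUser\My')

'Trusted root CAs: {0}' -f $roots.Count

'Expired trusted roots:'
$roots | Where-Object { $_.Expired } | Sort-Object NotAfter |
    Format-Table Subject, NotAfter -AutoSize

'Personal certificates that are self-signed (test use only):'
$personal | Where-Object { $_.SelfSigned } |
    Format-Table Subject, Thumbprint -AutoSize

'Personal certificates stored with a private key:'
$personal | Where-Object { $_.HasPrivateKey } |
    Format-Table Subject, Issuer, NotAfter -AutoSize
```

The script only reads the stores; adding or removing certificates is still done in certmgr.msc.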
Published 13 years ago, on 1390/08/09.
Viewed 21,219 times