root CA and cert validation / communication??
am 07.12.2006 23:15:01 von jacob600
I need to understand the basics of using CA root certs on the browser and
what happens in the background to validate the cert.
1) If the browswer has say, for example, the public key for Verisign or
Microsoft.com (root CA) then when I hit a site that has been issued a key
from say, Verisign, will the browser need to go out and still validate that
the cert is valid by quering Verisign or does it do this by looking its local
Verisgn public key?
2) I have seen, or so I thought, instances where the client or server even in
server-to-server communication attempt to go out and validate the cert being
presented to it. When would it go out and validate the cert with the root CA
and when would it NOT?
Any information would be highly appreciated including any good links.
Thank you,
Re: root CA and cert validation / communication??
am 08.12.2006 08:07:53 von Bernard
Read
Description of the Server Authentication Process During the SSL Handshake
http://support.microsoft.com/?id=257587
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
"jacob600" wrote in message
news:CCC40A18-F886-4EC0-B3B5-6ABBD442FE6C@microsoft.com...
>I need to understand the basics of using CA root certs on the browser and
> what happens in the background to validate the cert.
>
> 1) If the browswer has say, for example, the public key for Verisign or
> Microsoft.com (root CA) then when I hit a site that has been issued a key
> from say, Verisign, will the browser need to go out and still validate
> that
> the cert is valid by quering Verisign or does it do this by looking its
> local
> Verisgn public key?
>
> 2) I have seen, or so I thought, instances where the client or server even
> in
> server-to-server communication attempt to go out and validate the cert
> being
> presented to it. When would it go out and validate the cert with the root
> CA
> and when would it NOT?
>
> Any information would be highly appreciated including any good links.
>
> Thank you,