Context Navigation

← Previous Change
Wiki History
Next Change →

Changes between Version 2 and Version 3 of How_does_PKI_work

Timestamp:: 07/28/12 07:07:28 (12 years ago)
Author:: krzee king
Comment:: slight grammar

Legend:

: Unmodified
: Added
: Removed
: Modified

How_does_PKI_work

v2	v3
52	52
53	53	== Servers and their certificates ==
54		The server needs to a private key, its certificate and the CA certificate. The first step is to generate a new private key. This private key is specific to this server. To get such a needed certificate, the server needs to generate a Certificate Signing Request (CSR). This is a file which needs to be sent to your CA. The contents of this file is a public key derived from the private key. This makes it possible to encrypt information, but to decrypt you need the private key. In addition the CSR will contain hostname information, location and other information needed to identify the server. It is also a server flag set in the CSR which will later be used to differentiate servers from clients. This information is then signed using the private key. Since the public key is also attached, the CA can validate that the information haven't been modified afterwards.
	54	The server needs to have a private key, its certificate and the CA certificate. The first step is to generate a new private key. This private key is specific to this server. To get such a needed certificate, the server needs to generate a Certificate Signing Request (CSR). This is a file which needs to be sent to your CA. The contents of this file is a public key derived from the private key. This makes it possible to encrypt information, but to decrypt you need the private key. In addition the CSR will contain hostname information, location and other information needed to identify the server. It is also a server flag set in the CSR which will later be used to differentiate servers from clients. This information is then signed using the private key. Since the public key is also attached, the CA can validate that the information haven't been modified afterwards.
55	55
56	56	When the CA processes your CSR, all this information provided in the CSR needs to be verified. When the person operating the CA finds good enough, the CA will sign this CSR with it's private key. And the output will be the information from the CSR, the servers public key and the CA signature. All this is stored inside a certificate file (CRT) which is sent back to the server, together with the CA certificate.