Changes between Version 2 and Version 3 of How_does_PKI_work


Timestamp:
07/28/12 07:07:28 (7 years ago)
Author:
krzee king
Comment:

slight grammar

  • How_does_PKI_work

    v2 v3  
    5252
    5353== Servers and their certificates ==
    54 The server needs to a private key, its certificate and the CA certificate.  The first step is to generate a new private key.  This private key is specific to this server.  To get such a needed certificate, the server needs to generate a Certificate Signing Request (CSR).  This is a file which needs to be sent to your CA.  The contents of this file is a public key derived from the private key.  This makes it possible to encrypt information, but to decrypt you need the private key.  In addition the CSR will contain hostname information, location and other information needed to identify the server.  It is also a server flag set in the CSR which will later be used to differentiate servers from clients.  This information is then signed using the private key.  Since the public key is also attached, the CA can validate that the information haven't been modified afterwards.
     54The server needs to have a private key, its certificate and the CA certificate.  The first step is to generate a new private key.  This private key is specific to this server.  To get such a needed certificate, the server needs to generate a Certificate Signing Request (CSR).  This is a file which needs to be sent to your CA.  The contents of this file is a public key derived from the private key.  This makes it possible to encrypt information, but to decrypt you need the private key.  In addition the CSR will contain hostname information, location and other information needed to identify the server.  It is also a server flag set in the CSR which will later be used to differentiate servers from clients.  This information is then signed using the private key.  Since the public key is also attached, the CA can validate that the information haven't been modified afterwards.
    5555
    5656When the CA processes your CSR, all this information provided in the CSR needs to be verified.  When the person operating the CA finds good enough, the CA will sign this CSR with it's private key.  And the output will be the information from the CSR, the servers public key and the CA signature.  All this is stored inside a certificate file (CRT) which is sent back to the server, together with the CA certificate.
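Review bot: The new line 54 fixes "needs to a private key" but leaves other grammar slips in the same paragraph, which a grammar-only revision should pick up: "The contents of this file is a public key" (should be "are" or "The content ... is"), "It is also a server flag set in the CSR" (should be "There is also a server flag set in the CSR"), and "the information haven't been modified" (should be "hasn't"). The unchanged line 56 has the same kind of problem: "with it's private key" should be "with its private key", "the servers public key" should be "the server's public key", and "finds good enough" is missing its object ("finds it good enough"). Separately, in line 54 the sentence "This makes it possible to encrypt information, but to decrypt you need the private key" sits between the description of the CSR contents and the signing step without saying why it matters to the CSR; consider moving it or tying it to the later statement that the request is signed with the private key so the CA can check it was not modified.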