Unix/Linux Go Back    


Security Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

Another Certificate question

Security


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 08-02-2014
Lost in Cyberia Lost in Cyberia is offline
Registered User
 
Join Date: Jun 2013
Last Activity: 14 September 2016, 6:27 PM EDT
Posts: 58
Thanks: 5
Thanked 0 Times in 0 Posts
Another Certificate question

Hey everyone, another question on certificate chains...

When a site applies for an ssl certificate, do they have to apply to a root CA? or can they apply to a root, or one of the many smaller CA companies? Then once they obtain a cert from that smaller CA, the company gets it's cert signed by a real root? Is evidence of this, when you look at the certificate viewer in a browser and it says something like
Quote:
VERISIGN CLASS C ROOT CA
SomeSmallerCA inc.
example.com

The company, example.com applied for their cert at SomeSmallerCA, inc, which in turned got it's cert signed by Verisign?


Now if I see something like :
Quote:
VERISIGN CLASS C ROOT CA
VERISIGN CLASS C EXTENDED VAL.
example.com

The above means that the company, example.com applied directed to the root CA, but they then signed their main cert with an intermediary cert?

So one is a bottom up application and the other is a top down application process? Can there be a mixture of both? Where you apply to a smaller company which goes up to a root, but the root signs an intermediary, before then finally signing to the smaller CA?

Thanks!

Last edited by rbatte1; 08-04-2014 at 06:38 AM.. Reason: Added QUOTE tags
Sponsored Links
    #2  
Old Unix and Linux 08-05-2014
Perderabo's Unix or Linux Image
Perderabo Perderabo is offline Forum Staff  
Unix Daemon (Administrator Emeritus)
 
Join Date: Aug 2001
Last Activity: 26 February 2016, 12:31 PM EST
Location: Ashburn, Virginia
Posts: 9,931
Thanks: 64
Thanked 469 Times in 270 Posts
In the first case, Verisign has given a certificate to SomeSmallerCA. If you trust Verisign, you can be sure that you are talking to SomeSmallerCA. This does not mean that Verisign assures you that SomeSmallerCA knows what they are doing. So in the first example you have to trust that SomeSmallerCA has verified that example.com is who they say they are. The Verisign certificate only guarantees that you are talking to SomeSmallerCA.

In the second example Verisign is saying that they did an extended validation. There are two levels of validation and "extended" is the better of the two. I'm not sure of the details.
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
question about certificate for domain programAngel Security 0 01-17-2012 07:24 AM
curl certificate error Anjan1 Shell Programming and Scripting 5 01-10-2011 09:05 PM
SSL certificate majid.merkava Security 1 01-07-2011 07:31 PM
SSL certificate netxus Web Programming 1 10-06-2009 11:57 PM
Unix Certificate afuzile Forum Support Area for Unregistered Users & Account Problems 1 02-22-2006 06:17 AM



All times are GMT -4. The time now is 05:40 PM.