
572    Chapter 10 • Public Key Infrastructure


              EXERCISE 10.1


              REVIEWING A DIGITAL CERTIFICATE
                  Let’s take a moment to go on the Internet and look at a digital certificate.
                      1. Open up your Web browser, and go to www.syngress.com.
                      2. Select a book and add it to your cart.
                      3. Proceed to the checkout.

                      4. Once you are at the checkout screen, you will see a padlock in
                         your browser. In Internet Explorer 7, this will be to the right of
                         the address box; older browsers place the padlock in the bottom
                         right of the window frame. Open the certificate properties. In
                         Internet Explorer 7, you do this by clicking on the padlock and
                         selecting “View Certificates” from the prompt; older browsers
                         generally let you double-click on the padlock.
                      5. Move around the tabs of the Properties screen to look at the different
                         information contained within a certificate.





             Certificate Policies

             Now that you know what a digital certificate is and what it is composed of, what
             exactly can a digital certificate be issued for? A CA can issue a certificate for a
             number of different reasons, but must indicate exactly what the certificate will be
             used for. The set of rules that indicates exactly how a certificate may be used (what
             purpose it can be trusted for, or perhaps the community for which it can be
             trusted) is called a certificate policy. The X.509 standard defines certificate policies as
             “a named set of rules that indicates the applicability of a certificate to a particular
             community and/or class of application with common security requirements.”
                 Different entities have different security requirements. For example, users want
             a digital certificate for securing e-mail (either encrypting incoming e-mail or
             signing outgoing e-mail), Syngress (as other Web vendors do) wants a digital certificate
             for their online store, and a video hardware manufacturer wants a digital certificate
             they can use to verify that their hardware drivers have passed stringent
             verification tests and can be trusted. All three want to secure their information, and




          www.syngress.com