Digital Certificates Made Easy
Sam Lutgring
Director of Informational Technology Services
Calhoun Intermediate School District
What Are We Here For?
What’s a Digital Certificate?
A (digital) form of identification
– Driver’s License
– Passport
Provides “information” about identity
– Contains the public key of the entity identified in the certificate
– The public key is matched to an identity and guaranteed by the issuer (Certificate Authority)
Certificate Uses
Personal
– Used to identify/validate individuals
Server
– Used to verify its identity to users
– Basis for encryption
Software Publisher
– Used to sign/verify software
Authority
– Used to verify “signed” certificates
Certificate “Flavors”
Public
– Public signed certificate leveraging the PKI (Public Key Infrastructure)
Private
– Self-generated/signed
Wild Card
– Used to represent a domain rather than a site
Secure
– 40 to 256 bit encryption
Secure Pro
– 128 to 256 bit encryption
Extended Validation (EV)
– Triggers the green address bar
Makeup of a Certificate
Version number: X.509 standard
Serial number
– Uniquely identifies the certificate
Certificate algorithm identifier
– Key algorithm used to sign the certificate
Issuer
Validity period
– The start (Valid from) and expiration date (Valid to)
Subject
– Name of the owner
Makeup of a Certificate
Subject public key information
– The owner’s public key and its algorithms
Issuer unique identifier
Subject unique identifier
– Unique identifier of the certificate owner
Extensions
– Additional information related to the use and handling
Certification authority's digital signature
– Digital signature made with the certification authority's private key
Certificate Verification
[Diagram labels: Certification Authority’s Name; Your Identification Information; Your Public Key Value; Certification Authority’s Digital Signature; Certificate Authority’s Public Key; Message Digest]
Where to Get Certificates
www.verisign.com
www.godaddy.com
www.thwart.com
Generate your own
How to Get Certificates
Generate a request from the server
Send the request to the certificate authority (CA)
The certificate authority (CA) verifies your identity
The certificate authority (CA) signs the certificate and returns it
You install the certificate on your server
Common Errors
Outside valid dates
Site name does not match
– Custom URL
– Redirect
Cannot be validated against the CA
– Common with self-signed certificates
Key does not match
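
The request-and-signing steps under "How to Get Certificates" and the checks behind each entry under "Common Errors", run in a throwaway lab with the openssl command line (an added example, not part of the original slides). The CA names lab-ca and other-ca, the host www.example.test and every function name are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed lab: throwaway CAs and the hypothetical host www.example.test.
# Files are left in $WORK so they can be inspected afterwards.
set -eu
WORK=$(mktemp -d)

make_ca() {    # $1 = name; a self-signed root standing in for a public CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

make_csr() {   # "Generate a request from the server": key pair plus CSR
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
}

sign_csr() {   # "The CA signs the certificate": CA $1 uses its private key
  printf 'subjectAltName=DNS:www.example.test\n' > "$WORK/san.ext"
  openssl x509 -req -in "$WORK/srv.csr" -days 7 -extfile "$WORK/san.ext" \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/srv.crt" 2>/dev/null
}

# One check per entry on the "Common Errors" slide.
# -checkend tests the expiration date only, not the start date.
not_expired() { openssl x509 -in "$WORK/srv.crt" -noout -checkend 0 >/dev/null; }
name_ok()     { openssl x509 -in "$WORK/srv.crt" -noout -checkhost "$1" |
                  grep -q 'does match'; }
chain_ok()    { openssl verify -CAfile "$WORK/$1.crt" "$WORK/srv.crt" \
                  >/dev/null 2>&1; }
key_ok()      { # $1 = private key file; its public half must equal the cert's
  [ "$(openssl x509 -in "$WORK/srv.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$1" -pubout)" ]; }

report() { if "$@"; then echo "ok    $*"; else echo "FAIL  $*"; fi; }

make_ca lab-ca; make_ca other-ca; make_csr; sign_csr lab-ca
report not_expired
report name_ok www.example.test
report name_ok intranet.example.test     # site name does not match
report chain_ok lab-ca
report chain_ok other-ca                 # cannot be validated against the CA
report key_ok "$WORK/srv.key"
report key_ok "$WORK/other-ca.key"       # key does not match
```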
SSL/TLS
Secure Sockets Layer – SSL
Transport Layer Security – TLS
Really what we are talking about is encryption that provides cryptographic security over network infrastructure like the Internet
Encrypts the end-to-end segments of the connections at the Transport Layer (UDP/TCP)
Commonly used to secure application protocols like HTTP, SMTP, etc.
SSL/TLS
[Diagram: TCP/IP protocol stack, labelled “TLS/SSL encapsulation”]
Application – Telnet, FTP, SMTP, HTTP
Transport – TCP, UDP
Network – IP, ICMP, IGMP
Link – Network interface and device driver
Questions?