Re: Installing Certificates . Why?? help please

On Mon, 27 Aug 2007 10:48:35 +0200, Jim Watt wrote:

> On Sun, 26 Aug 2007 12:09:23 GMT, "Galadrial"
> <galadrial@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>> I know little about security certificates but am following advice to check
>> the details when using an HTTPS site. Can anyone tell me what the Install
>> Certificate option is when I check, for instance, GRC's certificate?
>>
>> Thanks for your time
>
> I think certificates on a web server have three uses:
>
> 1. To show that the site is genuine
> 2. To encrypt the session
> 3. To generate an income for the certificate authority (CA)
>
> Because the CA takes reasonable care not to issue, for
> example, a certificate saying 'Microsoft' to Joe Hacker,
> it establishes trust that you really are dealing
> with, say, Microsoft.
>
> If you can trust that the site you are using really
> is genuine, and it happens to be someone who has generated
> his own certificate, because they know how and wish to
> avoid paying a CA, then it's OK to add it to your browser.
>
> The CA root certificates get added automatically by the
> browser authors, but obviously they do not cater for people
> who 'roll their own', so there is the provision to add them
> yourself, under caution.
>
> For a serious e-commerce website, it's a false economy to
> do this, although I do know a large bank who use the wrong
> certificate on their electronic banking site. For a small
> e-commerce site, like GRC's, it's reasonable.
>
> You either trust him or you don't. I use SpinRite and
> it's saved my arse, and he did pick up on the 'real downloader'
> spyware issue rather well when I mentioned it to him, so I
> think he is OK; Sebastian seems to be of the other view.
>
> Not that it matters much.

Complicating the CA issue is Comodo's free issuance of CAs.
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
