x.509 questions




Just wondering what is the process that a system goes through to
validate an x.509 certificate.

For example, say a web client gets a certificate from a web server
that has been signed by a trusted certificate authority, how does the
client check the validity?

Does the client connect with the CA for this verification and if so, what
protocol defines how this communication takes place? Is there an RFC that
defines this?

Or does the client have a bunch of built-in public keys for well-known
CAs?

I hope I am phrasing my question correctly. In a nutshell: how does a
client figure out if a certificate is valid? If it needs to connect
with a CA, which RFC defines the protocol it uses for the connection?

Assuming it does have to connect with the CA, how does the client know
that it is really connected to the CA and not some other place because
Garth has mucked with the DNS server?

Thanks in advance.
-Mike
