Re: SSL certificates -- how are they validated?

From: Rob R. Ainscough (robains_at_pacbell.net)
Date: 06/30/05


Date: Thu, 30 Jun 2005 06:51:40 -0700

Hi Nicole,

So it the issuer chain goes down, then no validation?

Rob.

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uwDb5zWfFHA.484@TK2MSFTNGP14.phx.gbl...
> "Rob R. Ainscough" <robains@pacbell.net> wrote in message
> news:uOsQi5PfFHA.1480@TK2MSFTNGP10.phx.gbl...
>> If I purchase an SSL certificate and install it on my web server, how is
>> it validated? Anytime anyone communicates with my web server does the
>> SSL go out to site that issued the SSL certificate to validate it? Or is
>> this just a one time deal?
>
> This behaviour depends largely on the client application. Most browsers
> will check the CRLs (certificate revocation lists) along the issuer chain
> of a web site certificate only once per browser launch, not for each page
> visited within a site.
>
>
>> Also, can certificates be "updated" when a server is moved or it's IP is
>> changed (and/or domain name)?
>
> There is generally no need to make any changes to a certificate when a
> server is physically moved or when its IP address changes. However, web
> server SSL certificates are mapped to the server host name, so a name
> alteration would require a certificate change (even if the IP address
> doesn't change).
>



Relevant Pages

  • Re: SBS2003 R2 Exchange issue
    ... SBS server, when you expand Public Folders, you get error: SSL certificate ... Restart Exchange System Manager. ...
    (microsoft.public.windows.server.sbs)
  • RE: General Certificate Question
    ... On the "Web Server Certificate" page, choose "Create a new Web server ... If you do not run SBS, please repost your issue in Windows server newsgroup ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS 5.0 Certificate
    ... Your Web server do not send out private key. ... Review this kb on how to use Cert Server with IIS ... Using Certificate Server 2.0 to Generate a Server Certificate for Use with ...
    (microsoft.public.inetserver.iis.security)
  • Re: Issuing Web Browser digital certificates
    ... > My company would like to have an offline Windows Server 2003 standalone ... Users would either be sent a certificate to install or a tech ... I am really not sure how to initiate a request at our offline ... access to the Web server. ...
    (microsoft.public.security)
  • IIS 6 Directory Services Mapping ACL Problems
    ... We are trying to configure certificate based logins using the ... When I authenticate on our web server with my certificate I my domain ... account username shows up in the web log. ... The files are stored on another server in the domain. ...
    (microsoft.public.inetserver.iis.security)