Re: SSL certificates -- how are they validated?

From: Rob R. Ainscough (robains_at_pacbell.net)
Date: 06/30/05


Date: Thu, 30 Jun 2005 06:51:40 -0700

Hi Nicole,

So it the issuer chain goes down, then no validation?

Rob.

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uwDb5zWfFHA.484@TK2MSFTNGP14.phx.gbl...
> "Rob R. Ainscough" <robains@pacbell.net> wrote in message
> news:uOsQi5PfFHA.1480@TK2MSFTNGP10.phx.gbl...
>> If I purchase an SSL certificate and install it on my web server, how is
>> it validated? Anytime anyone communicates with my web server does the
>> SSL go out to site that issued the SSL certificate to validate it? Or is
>> this just a one time deal?
>
> This behaviour depends largely on the client application. Most browsers
> will check the CRLs (certificate revocation lists) along the issuer chain
> of a web site certificate only once per browser launch, not for each page
> visited within a site.
>
>
>> Also, can certificates be "updated" when a server is moved or it's IP is
>> changed (and/or domain name)?
>
> There is generally no need to make any changes to a certificate when a
> server is physically moved or when its IP address changes. However, web
> server SSL certificates are mapped to the server host name, so a name
> alteration would require a certificate change (even if the IP address
> doesn't change).
>