Security Certificates: Difference between revisions

From help.computerisms.ca
Jump to navigation Jump to search
No edit summary
Line 13: Line 13:
*Certificate warnings indicates that your computer does not know the origin of the certificate on the server
*Certificate warnings indicates that your computer does not know the origin of the certificate on the server
**When you go to an https enable site that does not show the warning, it is because the certificate on the server and a certificate on your computer have been signed by the same CA
**When you go to an https enable site that does not show the warning, it is because the certificate on the server and a certificate on your computer have been signed by the same CA
**Since Computerisms doesn't pay the hefty fees to have its certificates signed by a CA used by your computer, it cannot verify if the origins of the certificate on the server are legitimate
**Since Computerisms doesn't pay the hefty fees to have its certificates signed by the same CA used by your computer, your computer will not trust the server's certificate  
**Since your computer cannot verify the origin of the certificate on the server, it cannot establish a trust relationship with the server
**Since your computer cannot verify the origin of the certificate on the server, it cannot establish a trust relationship with the server
***The warning will inform you that the certificate on the server cannot be trusted because its origins cannot be confirmed
***The warning will inform you that the certificate on the server cannot be trusted because its origins cannot be confirmed

Revision as of 15:54, 2 August 2012

What are Security Certificates and what are they used for?

  • Security Certificates are a method of establishing trust and encrypting communication between different entities on a network
    • An entity can be a person or a computer
    • Certificates are issued to each entity, much like an identification card might be issued to each member of an organization
    • Each Certificate must be signed by a Certificate Authority, often referred to as the CA
      • Every certificate signed by the CA will trust every other certificate that is also signed by the same CA
    • When two certificates trust each other, they can be used to encrypt a connection
      • This is especially important when transmitting a username and password across the internet
  • Each service provided by Computerisms will use Security Certificates to encrypt network connections
  • Sites you visit that have https:// in the address bar are secured by a certificate

So why do I get a Security Certificate Warning?

  • Certificate warnings indicates that your computer does not know the origin of the certificate on the server
    • When you go to an https enable site that does not show the warning, it is because the certificate on the server and a certificate on your computer have been signed by the same CA
    • Since Computerisms doesn't pay the hefty fees to have its certificates signed by the same CA used by your computer, your computer will not trust the server's certificate
    • Since your computer cannot verify the origin of the certificate on the server, it cannot establish a trust relationship with the server
      • The warning will inform you that the certificate on the server cannot be trusted because its origins cannot be confirmed
      • Since you know the origins of the certificate (It comes from Computerisms), you can override your computer's paranoia
    • By temporarily overriding the warning, you instruct your computer to trust the certificate on the server
    • Once the trust is established, then the certificates can be used to encrypt the communication so your password is not transmitted in clear text
  • Certificates can be purchased for the server so the warning doesn't appear in your browser, but they are prohibitively expensive for our hosting environment
    • Certificates in general are very very expensive in proportion to the effort required to make them.
    • Computerisms can make certificates that will encrypt a connection every bit as good as a paid certificate for a small fraction of the cost
      • Certificates generated by Computerisms will not be automatically trusted by your computer, and therefor will always show you the certificate warning
  • In the case of Computerisms and its customers, we can manually establish our trust, which in turn allows encryption of our passwords
    • Despite the warning, the encryption is still taking place on our system
      • Said another way: Security certificates are still securing your transmission, even though the warning might make you think otherwise.
  • Computerisms Certificates can be installed on your machine in such a way that your computer will trust the Computerisms certficates
    • If you do not want to see the warning at every page, then please follow these instructions

Importing the Computerisms Certificate Authority

  • The easiest way to install a certificate is using Internet Explorer
  • Open your start menu and choose "All Programs"
  • In the list, right click Internet Explorer
  • In the menu, choose "Run as Administrator"
  • If you are presented with a window confirming the program should be allowed to make changes to your computer, select Yes
  • Navigate to https://rc.domain.tld or any other encrypted Computerisms service
  • Select "Continue to this website (not recommended)
    • For the record, it is recommended...
  • In the next window, you will notice the address bar goes red.
  • Click in the address bar where the X is displayed as a certificate warning
  • In the small window that opens up, click the link at the bottom called "View certificates"
  • In the next window, find the tab called "Certification Path" and click it
  • Click on the line that says Computerisms Certificate Authority
  • Then click the "View Certificate" Buttonhelp.
  • In the next window, click the button called "Install Certificate"
    • Note: if you did not run Internet Explorer as Administrator, this button will not show up
  • The next window will be the start of the Certificate Import Wizard
  • Click Next
  • Move the Radio button to be beside "Place all Certificates in the following store"
  • Click the browse button to open the navigation window
  • In the navigation window, select "Trusted Root Certification Authorities"
  • Click OK, then click Next
  • Click the Finish button
  • Another warning window will pop up, click Yes in the bottom right corner
  • A window will pop up confirming the import was successful, click OK on that window
  • Click OK on the Computerisms Certificate Authority Certificate Window
  • Click OK on the first Certificate Window