Security Certificates: Difference between revisions
Jump to navigation
Jump to search
Line 11: | Line 11: | ||
==So why do I get a Security Certificate Warning?== | ==So why do I get a Security Certificate Warning?== | ||
*Certificate warnings | *Certificate warnings can be caused by several factors, but the most important thing to know is that just because you see a warning does not mean the site is not secured | ||
*One possible reason for the Certificate Warning is that your computer does not know the origin of the certificate on the server | |||
**When you go to an https enable site that does not show the warning, it is because the certificate on the server and a certificate on your computer have been signed by the same CA | **When you go to an https enable site that does not show the warning, it is because the certificate on the server and a certificate on your computer have been signed by the same CA | ||
**Since Computerisms doesn't pay the hefty fees to have its certificates signed by the same CA used by your computer, your computer will not trust the server's certificate | **Since Computerisms doesn't pay the hefty fees to have its certificates signed by the same CA used by your computer, your computer will not trust the server's certificate | ||
Line 19: | Line 20: | ||
**By temporarily overriding the warning, you instruct your computer to trust the certificate on the server | **By temporarily overriding the warning, you instruct your computer to trust the certificate on the server | ||
**Once the trust is established, then the certificates can be used to encrypt the communication so your password is not transmitted in clear text | **Once the trust is established, then the certificates can be used to encrypt the communication so your password is not transmitted in clear text | ||
*Another reason a security certificate warning might pop up is a mismatched address | |||
**Computerisms Webmail is one site that answers to many names, such as [[Domain Substitution|https://webmail.domain.tld]] | |||
**If you arrive at the site by a name that is different than the one on the certificate, your computer will warn you about it. | |||
*Remember, regardless of the warning, when you instruct your computer to trust the certificate, encryption will still happen so it is safe to send your passwords over the internet | |||
*Certificates can be purchased for the server so the warning doesn't appear in your browser, but they are prohibitively expensive for our hosting environment | *Certificates can be purchased for the server so the warning doesn't appear in your browser, but they are prohibitively expensive for our hosting environment |
Revision as of 16:05, 2 August 2012
What are Security Certificates and what are they used for?
- Security Certificates are a method of establishing trust and encrypting communication between different entities on a network
- An entity can be a person or a computer
- Certificates are issued to each entity, much like an identification card might be issued to each member of an organization
- Each Certificate must be signed by a Certificate Authority, often referred to as the CA
- Every certificate signed by the CA will trust every other certificate that is also signed by the same CA
- When two certificates trust each other, they can be used to encrypt a connection
- This is especially important when transmitting a username and password across the internet
- Each service provided by Computerisms will use Security Certificates to encrypt network connections
- Sites you visit that have https:// in the address bar are secured by a certificate
So why do I get a Security Certificate Warning?
- Certificate warnings can be caused by several factors, but the most important thing to know is that just because you see a warning does not mean the site is not secured
- One possible reason for the Certificate Warning is that your computer does not know the origin of the certificate on the server
- When you go to an https enable site that does not show the warning, it is because the certificate on the server and a certificate on your computer have been signed by the same CA
- Since Computerisms doesn't pay the hefty fees to have its certificates signed by the same CA used by your computer, your computer will not trust the server's certificate
- Since your computer cannot verify the origin of the certificate on the server, it cannot establish a trust relationship with the server
- The warning will inform you that the certificate on the server cannot be trusted because its origins cannot be confirmed
- Since you know the origins of the certificate (It comes from Computerisms), you can override your computer's paranoia
- By temporarily overriding the warning, you instruct your computer to trust the certificate on the server
- Once the trust is established, then the certificates can be used to encrypt the communication so your password is not transmitted in clear text
- Another reason a security certificate warning might pop up is a mismatched address
- Computerisms Webmail is one site that answers to many names, such as https://webmail.domain.tld
- If you arrive at the site by a name that is different than the one on the certificate, your computer will warn you about it.
- Remember, regardless of the warning, when you instruct your computer to trust the certificate, encryption will still happen so it is safe to send your passwords over the internet
- Certificates can be purchased for the server so the warning doesn't appear in your browser, but they are prohibitively expensive for our hosting environment
- Certificates in general are very very expensive in proportion to the effort required to make them.
- Computerisms can make certificates that will encrypt a connection every bit as good as a paid certificate for a small fraction of the cost
- Certificates generated by Computerisms will not be automatically trusted by your computer, and therefor will always show you the certificate warning
- In the case of Computerisms and its customers, we can manually establish our trust, which in turn allows encryption of our passwords
- Despite the warning, the encryption is still taking place on our system
- Said another way: Security certificates are still securing your transmission, even though the warning might make you think otherwise.
- Despite the warning, the encryption is still taking place on our system
- Computerisms Certificates can be installed on your machine in such a way that your computer will trust the Computerisms certficates
- If you do not want to see the warning at every page, then please follow these instructions
Importing the Computerisms Certificate Authority
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|