Security Certificates
What are Security Certificates and what are they used for?
- Security Certificates are a method of establishing trust and encrypting communication between different entities on a network
- An entity can be a person or a computer
- Certificates are issued to each entity, much like an identification card might be issued to each member of an organization
- Each Certificate must be signed by a Certificate Authority, often referred to as the CA
- Every certificate signed by the CA will trust every other certificate that is also signed by the same CA
- When two certificates trust each other, they can be used to encrypt a connection
- This is especially important when transmitting a username and password across the internet
- Each service provided by Computerisms will use Security Certificates to encrypt network connections
- Sites you visit that have https:// in the address bar are secured by a certificate
So why do I get a Security Certificate Warning?
- Certificate warnings can be caused by several factors, but the most important thing to know is that just because you see a warning does not mean the site is not secured
- One possible reason for the Certificate Warning is that your computer does not know the origin of the certificate on the server
- When you go to an https enable site that does not show the warning, it is because a purchased certificate on the server and a certificate on your computer have been signed by the same CA
- When one generates his own Certificates instead of purchasing them, as Computerisms does, they are considered Self-Signed.
- Since Computerisms doesn't pay the fees to have its certificates signed by the same CA used by your computer, your computer will not trust the server's certificate
- A person with the right knowledge can set up a system that is just as secure at a fraction of a fraction of the cost of purchasing certificates
- Using paid Certificates on a Hosting Server that is hosting many domains is prohibitively expensive
- Since your computer cannot verify the origin of the certificate on the server, it cannot establish a trust relationship with the server
- The warning will inform you that the certificate on the server cannot be trusted because its origins cannot be confirmed
- Since you know the origins of the certificate (It comes from Computerisms), you can override your computer's paranoia
- By temporarily overriding the warning, you instruct your computer to trust the certificate on the server
- Once the trust is established, then the certificates can be used to encrypt the communication so your password is not transmitted in clear text
- Another reason a security certificate warning might pop up is a mismatched address
- Computerisms Webmail is one site that answers to many names, such as https://webmail.domain.tld
- If you arrive at the site by a name that is different than the one on the certificate, your computer will warn you about it.
- Remember, regardless of the warning, when you instruct your computer to trust the certificate, encryption will still happen so it is safe to send your passwords over the internet
Okay, Now I know why, but what do I do about it?
- In some cases, the problem can be solved on the server.
- If for example you wish to run an online store, you will need to purchase your own certificate
- In the case of Computerisms Services, purchasing certificates is very cost prohibitive
- As a hosting provider, Computerisms is not the only company facing this problem
- it is better to have a certificate and a warning than it is to have no certificate at all
- While Security Certificates are an open standard, implementation varies quite a bit depending on the browser and platform it runs on
- If you use Internet Explorer, you can import the CA to establish trust and disable Name Matching
- Certificates can be purchased for the server so the warning doesn't appear in your browser, but they are prohibitively expensive for our hosting environment
- Certificates in general are very very expensive in proportion to the effort required to make them.
- Computerisms can make certificates that will encrypt a connection every bit as good as a paid certificate for a small fraction of the cost
- Certificates generated by Computerisms will not be automatically trusted by your computer, and therefor will always show you the certificate warning
- In the case of Computerisms and its customers, we can manually establish our trust, which in turn allows encryption of our passwords
- Despite the warning, the encryption is still taking place on our system
- Said another way: Security certificates are still securing your transmission, even though the warning might make you think otherwise.
- Despite the warning, the encryption is still taking place on our system
- Computerisms Certificates can be installed on your machine in such a way that your computer will trust the Computerisms certficates
- If you do not want to see the warning at every page, then please follow these instructions
Internet Explorer - Importing Certificate Authority
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|