Cryptography - Signed Certificate

About

A signed certificate is a certificate that have been signed

A certificate is insecure until it is signed, as only a signed certificate cannot be modified.

Only a certificate signed by a third Certificate Authority assure the authenticity of the owner.

Procedure

CA

  • A Certificate Signing Request is generated from the Private Key.
  • The Certificate Signing Request (CSR) is send to the Certificate Authority (CA)
  • The CA will challenge the sender to prove its ownership of the domain. For instance:
    • setting a DNS TXT record
    • or hosting a file somewhere on a random path on the domain.
  • Once this challenge has been satisfied the CA will issue the certificate

Self-Signed

This is basically the same procedure than above but without the identity validation step.

See Cryptography Certificate - How to self-signed a Certificate (for a test or internal server)


Powered by ComboStrap