Cisco Support Community

SSL certificate and CA

I started to learn CCNA security, and I'm curious about SSL certificates and CA.

Unfortunately I have not found details on the internet that are interesting to me.

As an example, how the CA keeps the user's private key, or whether there is a possibility of abuse by the CA?

If you have any links where I could read it deeply please let me know, as well as an explanation.

Thank you,

Tom

1 REPLY

Re: SSL certificate and CA

Here are some links to get started with PKI:

http://en.wikipedia.org/wiki/Public_key_infrastructure

http://www.articsoft.com/public_key_infrastructure.htm

http://www.herongyang.com/PKI/index.html

http://www.h3c.com/portal/Products___Solutions/Technology/Security_and_VPN/Technology_Introduction/200702/201183_57_0.htm

Your questions:

1) In general the CA should never have your private key. Private means that you and only you have this key and no one else. And the CA also doesn't need the private key for its operation. It only takes your public key and puts it into the certificate.

But there are exceptions. For example if you do mail-encryption in a big organisation then the private key is often stored on a central server (key recovery). With that the mails are not lost when the employee leaves the company.

2) The CA has to be trusted, that is the system of SSL. We trust them that they do not issue a certificate to Mallory (the attacker) stating that this certificate belongs to Alice. The past has shown that this trust is not always justified. And if you look into your Internet Explorer's list of trusted roots you can decide on your own if these are all trustworthy. So the system of trust is far away from being perfect, but at the moment it's the only system we have.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
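
The issuance flow from point 1 of the reply above, as an added example that is not part of the original thread: the subscriber generates the key pair locally and the CA receives only a certificate signing request (CSR). It assumes the openssl command-line tool is installed; the CA name, subject name and directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: issuing a certificate from a CSR. All names are constructed.
# Assumes the openssl command-line tool is installed.

# Run the whole flow under directory $1; print "ok" if every check passes.
issue_from_csr() {
    d=$1
    mkdir -p "$d/subscriber" "$d/ca" || return 1

    # CA: its own key pair and self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca/ca.key" -out "$d/ca/ca.crt" 2>/dev/null || return 1

    # Subscriber: generate the private key locally; it stays in this directory.
    openssl genrsa -out "$d/subscriber/alice.key" 2048 2>/dev/null || return 1

    # Subscriber: the CSR holds the subject name and the public key, and is
    # signed with the private key as proof of possession.
    openssl req -new -key "$d/subscriber/alice.key" \
        -subj "/CN=alice.example.test" -out "$d/subscriber/alice.csr" || return 1

    # The CSR is the only file handed to the CA.
    cp "$d/subscriber/alice.csr" "$d/ca/alice.csr" || return 1

    # CA: check the CSR's self-signature, then sign a certificate from it.
    openssl req -in "$d/ca/alice.csr" -noout -verify >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/ca/alice.csr" -days 1 -CAcreateserial \
        -CA "$d/ca/ca.crt" -CAkey "$d/ca/ca.key" \
        -out "$d/ca/alice.crt" >/dev/null 2>&1 || return 1

    # Check 1: the certificate carries exactly the subscriber's public key.
    k=$(openssl pkey -in "$d/subscriber/alice.key" -pubout) || return 1
    c=$(openssl x509 -in "$d/ca/alice.crt" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ] || return 1

    # Check 2: the certificate chains to the CA root.
    openssl verify -CAfile "$d/ca/ca.crt" "$d/ca/alice.crt" >/dev/null 2>&1 || return 1

    # Check 3: nothing the CA received or issued contains a private key.
    grep -q "PRIVATE KEY" "$d/ca/alice.csr" "$d/ca/alice.crt" && return 1
    echo ok
}

# Run the demo in a fresh temporary directory.
issue_from_csr "$(mktemp -d)"
```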

