Information Systems Security Management
- Jared O’Connor’
- 8 years ago
Transcription
1 Information Systems Security Management Gerald Quirchmayr, Edgar Weippl, Oliver Jorns Fakultät für Wirtschaftswissenschaften und Informatik Liebiggasse 4/3-4, 1010 Wien Tel Fax
2 Mode Organisation: Lecture with a practical part, partly held in blocks. Grading: Practical implementation of the material taught in the lecture part. 2
3 Lecturers Univ.-Prof. Dr. Dr. Gerald Quirchmayr, Mag. Oliver Jorns, Dr. Edgar Weippl 3
4 Main Topics Business Continuity Management IT Security Administration The Technological Basis of System Defence Design Principles Access Control Mechanisms Information Flow Assurance Evaluating Systems (very brief overview) Auditing Securing Mobile and Wireless Infrastructures 4
5 Repetition: Security Services Data Confidentiality Authentication Integrity Access Control Non Repudiation Availability 5
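6 Symmetric Cryptography [Diagram: the sender encrypts the plaintext "Hello, world!" with DES under a shared key; the cipher crosses the channel (labelled "confidentiality?"); the receiver decrypts the cipher with DES and the same shared key and recovers "Hello, world!".] 6
7 Symmetric Cryptography [Diagram: the sender computes a MAC over the plaintext "Hello, world!" with HMAC and a shared key and sends "Hello, world!" together with the MAC (channel labelled "confidentiality"); the receiver recomputes the MAC with HMAC and the shared key and compares it with the received MAC.] 7
8 Asymmetric Cryptography [Diagram: the plaintext "Hello, world!" is encrypted with an asymmetric algorithm under the receiver public key; the cipher crosses the channel (labelled "confidentiality"); the receiver decrypts it with the asymmetric algorithm and the receiver private key and recovers "Hello, world!".] 8
9 Encryption [Diagram: the plaintext "Hello, world!" is encrypted with DES under a shared key, and the shared key is encrypted with an asymmetric algorithm under the receiver public key; the cipher and the encrypted shared key are sent together. The receiver recovers the shared key with the asymmetric algorithm and the receiver private key, then applies DES^-1 to the cipher to recover "Hello, world!".] 9
10 Digital Signatures (creation) [Diagram: the sender hashes the plaintext "Hello, world!" with MD5 (hash: 6cd3556deb0da54bca060b4c), applies the asymmetric algorithm with the private key to the hash to produce the signature (BF2EA), and sends "Hello, world!" with the signature to the receiver.] 10
11 Digital Signatures (verification) [Diagram: the receiver takes the signature (BF2EA) and "Hello, world!" from the sender, applies the asymmetric algorithm with the public key to the signature to obtain the hash (6cd3556d), computes MD5 over the received "Hello, world!" (6cd3556d), and compares the two hashes.] 11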
12 Questions concerning PKI (Public Key Infrastructure) What is a PKI? What constitutes a digital signature? What is a certificate? What is certification revocation? What is a Certification Authority (CA)? 12
13 PKI defined Certification Authority Certificate Repository Certificate Revocation Key Backup and Recovery Key update or Certificate update Key history Key escrow Cross-Certification support for Non-repudiation Time stamping Client software 13
14 ?PKI (Public Key Infrastructure)? Functional roles: Policy Authority Certificate Issuer Certificate Manufacturer Revocation Manufacturer Registration Authority Authentication Service Repository Related Roles: Subscriber Relying Party Applications 14
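15 PKI (structure) [Diagram: hierarchy with the IPRA at the top, PCA A and PCA B below it, then CA Aa, CA Ab, CA Ba and CA Bb, with the users Bob and Alice.] Legend: IPRA = Internet PCA Registration Authority (MIT); PCA = Policy Certification Authority; CA = Certification Authority 15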
16 Certificates Public key certificates are used to: bind an entity's name (and possibly additional attributes associated with that entity) with the corresponding public key. They assure: Integrity of the public key and any other associated information. The public key and any other associated information has been bound to the claimed owner in a trusted manner. Source: Understanding Public-Key Infrastructure, Adams,C.;Lloyd,S. 16
17 Purpose of certificates Privacy and confidentiality (message encode and decode) Integrity (transfer interference) Authentication (sender verification) Non-repudiation (no possibility to deny) 17
18 Certificates X.509 Public-key certificates Simple Public Key Infrastructure (SPKI) certificates Pretty Good Privacy (PGP) certificates Attribute certificates 18
19 Appointments of certificates Certification Practice Statement (CPS) (e.g. Release, administration and usage of certificates; Policies and practices of certification sites) Certificate Policy (CP) (e.g. A set of provisions for a specific certificate) 19
20 LDAP directory 20
21 Client certificate Applications Encryption and Decryption of e-mails E-commerce Access control Web servers Facilities Intranets Proof of document transmission Identification and privileges (license) 21
22 Server certificate Application Server authentication Proof of a Domain Name (Identity, Owner, IP) Secure Connection with TLS (Transport Layer Security) or SSL (Secure Socket Layer) Data exchange Web account Online banking E-commerce 22
23 Object certificate (developer certificate) Digital signed source-code (Code protection) Authenticates the developer Security-request before download Proof of integrity 23
24 Smartcard Higher secure-level Contains private key Processor for cryptological operations Cardreader necessary Source: a-trust.at 24
25 Certificate Structure (ASN.1)
Certificate ::= SEQUENCE {
    version [0] EXPLICIT Version DEFAULT v1,
    serialNumber CertificateSerialNumber,
    signature AlgorithmIdentifier,
    issuer Name,
    validity Validity,
    subject Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
    subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
    extensions [3] EXPLICIT Extensions OPTIONAL } 25
26 Components of a PKI CA (Certification Authority) bind an entity's name (and possibly additional attributes associated with that entity) with the corresponding public key. RA (Registration Authority): Integrity of the public key and any other associated information The public key and any other associated information has been bound to the claimed owner in a trusted manner 26
27 RA Establishes and confirms the identity of an individual as part of the initialization process Distributes shared secrets to end-users for subsequent authentication during an on-line initialization process Initiates the certification process with a CA on behalf of individual end-users Generates keying material on behalf of an end-user Performs certain key/certificate life cycle management functions, such as to initiate a revocation request or a key recovery operation on behalf of an end-entity 27
28 Certificate Validation Process a trusted CA has signed the certificate integrity of the certificate itself validity period revocation correct use of certificate 28
29 Certificate chain verification Each certificate signed by another certificate Entire certificate chain is needed Verification with the public key of the signer Root certificate Self-signed Intermediate CA certificate Signed by root User certificate Signed by intermediate CA 29
30 Key/certificate life cycle management overview initialization Registration Key pair generation Certificate creation and Key/Certificate distribution (owner) Certificate dissemination (publ. rep.) Key backup (if appropriate) issued cancellation Certificate retrieval Certificate validation Key Recovery Key Update Certificate expiration Certificate revocation Key History Key Archive 30
31 Initialization scenario [Diagram: message flow between End-entity, RA and CA] 1. Registration Form request 2. Registration Form reply 3. Registration Form submission 4. Registration Setup request 5. Registration Setup results 6. Registration results 7. Certificate request 8. Certificate response 31
32 Certification process Certificate request (user) Registration Authority (RA) verifies client identity Registration Authority generates key pair on behalf of client RA sends certificate-request to Certification Authority (CA) (PKCS #10) CA signs certificate-request (PKCS #7) Certificate Dissemination (LDAP) RA returns password protected key/certificate to user (PKCS #12) 32
33 Certification process [Diagram: user, RA (key pair generation), CA and LDAP directory] 1. Certificate request (form) 2. Certificate request (PKCS#10) 3. signed Certificate (PKCS#7) 4. Certificate + priv. key (PKCS#12) 5. Certificate (X.509) to the LDAP directory 33
34 Certificate revocation [Diagram: End-entity, RA and CA] 1. Certificate Revocation Request (or Out-of-band Request) 2. Certificate Revocation Response. Certificate requests are directed to the RA or CA directly 34
35 Certificate Revocation List (ASN.1)
CertificateList ::= SEQUENCE {
    version Version OPTIONAL, -- if present, version must be v2
    signature AlgorithmIdentifier,
    issuer Name,
    thisUpdate Time,
    nextUpdate Time OPTIONAL,
    revokedCertificates SEQUENCE OF SEQUENCE {
        userCertificate CertificateSerialNumber,
        revocationDate Time,
        crlEntryExtensions Extensions OPTIONAL } OPTIONAL,
    crlExtensions [0] Extensions OPTIONAL }
reasonCode:
unspecified: unknown
keyCompromise: the private key has been compromised in some way
cACompromise: like keyCompromise, but the certificate subject is a CA
affiliationChanged: some fields in the certificate have changed (e.g. subject name)
superseded: the certificate has been replaced by another
cessationOfOperation: the certificate is no longer needed
certificateHold: the certificate is temporarily deemed invalid until either final revocation or hold release
removeFromCRL: an existing CRL entry should be removed owing to certificate expiration or hold release (for delta-CRL only) 35
36 Certificate Revocation List (CRL) 36
37 Example: simple CA with OpenSSL
/usr/local/ssl/lib/openssl.cnf - master config file
./democa - main CA directory
./democa/cacert.pem - CA certificate
./democa/private/cakey.pem - CA private key
./democa/serial - CA serial number file
./democa/serial.old - CA serial number backup file
./democa/index.txt - CA text database file
./democa/index.txt.old - CA text database backup file
./democa/certs - certificate output file
./democa/.rnd - CA random seed information
Source: 37
38 creating self signed certificate
openssl req -config /<path>/openssl.cnf -new -x509 -days 1460 -newkey rsa:2048 -keyout private/cakey.pem -out cacert.pem
Generating a 2048 bit RSA private key
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:rootca
Verifying password - Enter PEM pass phrase:rootca
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank
Country Name (2 letter code) [AU]:AT
State or Province Name (full name) [Some-State]:Austria
Locality Name (eg, city) []:Vienna
Organization Name (eg, company) [Internet Widgits Pty Ltd]:testCA
Organizational Unit Name (eg, section) []:Organizational unit of testca
Common Name (eg, YOUR name) []:Administrator of testca
Email Address []:administrator@testca.org 38
39 creating self signed certificate
openssl req -config /<path>/openssl.cnf -new -x509 -days 1460 -newkey rsa:2048 -keyout private/cakey.pem -out cacert.pem
[Output shown on the slide: the PEM-encoded certificate (BEGIN CERTIFICATE ... END CERTIFICATE) and the encrypted RSA private key (BEGIN RSA PRIVATE KEY, Proc-Type: 4,ENCRYPTED, DEK-Info: DES-EDE3-CBC).]
40 certificate details 40
41 certificate details 41
42 creating sender certificate (request)
openssl req -config /<path>/openssl.cnf -newkey rsa:1024 -keyout private/sender_private_key.pem -out sender_request.pem
Using configuration from /usr/share/ssl/openssl.cnf
Generating a 1024 bit RSA private key
writing new private key to 'private/sender_private_key.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank
Country Name (2 letter code) [AU]:AT
State or Province Name (full name) [Some-State]:Austria
Locality Name (eg, city) []:Vienna
Organization Name (eg, company) [Internet Widgits Pty Ltd]:testCA
Organizational Unit Name (eg, section) []:Organizational Unit of sender
Common Name (eg, YOUR name) []:sender
Email Address []:sender@testorg.org
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []: 42
43 creating sender certificate (request)
openssl req -config /<path>/openssl.cnf -newkey rsa:1024 -keyout private/sender_private_key.pem -out sender_request.pem
[Output shown on the slide: the encrypted RSA private key (BEGIN RSA PRIVATE KEY, Proc-Type: 4,ENCRYPTED, DEK-Info: DES-EDE3-CBC) and the PEM-encoded certificate request (BEGIN CERTIFICATE REQUEST ... END CERTIFICATE REQUEST).]
44 CA certifies sender certificate
openssl ca -config /<path>/openssl.cnf -name CA_default -in democa/sender_request.pem -out democa/certs/certified_sender_certificate_request.pem
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:rootca
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryname :PRINTABLE:'AT'
stateorprovincename :PRINTABLE:'Austria'
localityname :PRINTABLE:'Vienna'
organizationname :PRINTABLE:'testCA'
organizationalunitname:PRINTABLE:'Organizational Unit of sender'
commonname :PRINTABLE:'sender'
address
Certificate is to be certified until May 8 16:44: GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated 44
45 CA certifies sender certificate
openssl ca -config /<path>/openssl.cnf -name CA_default -in democa/sender_request.pem -out democa/certs/certified_sender_certificate_request.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5withrsaencryption
Issuer: C=AT, ST=Austria, L=Vienna, O=testCA, OU=Organizational unit of testca, CN=Administrator of testca/ =administrator@testca.org
Validity
Not Before: May 8 16:44: GMT
Not After : May 8 16:44: GMT
Subject: C=AT, ST=Austria, O=testCA, OU=Organizational Unit of sender, CN=sender/ =sender@testCA.org
Subject Public Key Info:
Public Key Algorithm: rsaencryption
RSA Public Key: (1024 bit)
Modulus (1024 bit): 00:be:07:99:a6:4b:01:6f:0c:cf:2d:ba:61:44:c8:
CRL
V Z 01 unknown /C=AT/ST=Austria/O=testCA/OU=Organizational Unit of sender/cn=sender/ =sender@testca.org 45
46 PKCS#12 creation (user sender)
user@:~> openssl pkcs12 -export -inkey democa/private/sender_private_key.pem -name sender@testca.org -in democa/certs/certified_sender_certificate_request.pem -out democa/sender.p12
Enter PEM pass phrase:sender
Enter Export Password:export
Verifying password - Enter Export Password:export
[Diagram labels: X.509 Certificate of Certification Authority; certified X.509 Certificate and password protected private key of user sender] 46
47 CA certificate installation 47
48 CA certificate installation 48
49 CA certificate installation check this! 49
50 CA certificate verification 50
51 CA certificate installation completed 51
52 sender certificate installation 52
53 sender certificate installation Export Password:export 53
54 sender certificate installation 54
55 sender certificate installation completed Enter PEM pass phrase:sender 55
56 sender certificate verification 56
57 sender certificate verification 57
58 Certificate revocation user requests for revocation (phone, fax or e-mail) reason for revocation necessary e.g. private key has been compromised revocation released within 3 hours each certificate can be revoked only once 58
59 Certificate revocation Certificate Revocation Lists (CRLs) Lists all revoked certificates Delta CRLs only differences to previous CRL Online Certificate Status Protocol (OCSP) 59
60 OCSP (Online Certificate Status Protocol) [Diagram: OCSP Requests are sent to the OCSP Server, which answers with OCSP Responses; sources shown behind the server: CRL, SQL, LDAP.] 60
61 OCSP Response Source: Security in Telecommunication Project (Forschungszentrum Telekommunikation Wien) 61
62 Example: OpenSSL certificate revocation (database)
V Z 01 unknown /C=AT/ST=Austria/O=testCA/OU=Organizational Unit of sender/cn=sender/ =sender@testca.org
Fields of a database line:
V - status: R (revoked), E (expired), V (valid)
Z - valid to, format YYMMDDHHMMSSZ
01 - Serial number (hex)
unknown - where to find the certificate (at present always "unknown")
/C=AT/ST=Austria/O=testCA/OU=Organizational Unit of sender/cn=sender/ =sender@testca.org - Name of owner of certificate (DN and e-mail) 62
63 OpenSSL certificate revocation (database)
openssl ca -revoke ./democa/certs/certified_sender_certificate_request.pem
openssl ca -gencrl -out ./democa/crl/crl.pem
openssl crl -in ./democa/crl/crl.pem -outform der -out ./democa/crl/crl.der
Database lines shown on the slide (in the R line the additional date field is the date of revocation):
R Z Z 01 unknown /C=AT/ST=Austria/O=testCA/OU=Organizational Unit of sender/ CN=sender/ =sender@testCA.org
V Z 01 unknown /C=AT/ST=Austria/O=testCA/OU=Organizational Unit of sender/ CN=sender/ =sender@testCA.org 63
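The index.txt layout described on slides 62 and 63, as an added example (not part of the slides and not OpenSSL code): a Python parser that reports the status a relying party should act on for each entry. The sample lines, their dates and the names `parse_index`, `effective_status` and `audit` are constructed for illustration; the optional `,reason` suffix on the revocation date and the date check for entries still flagged V are assumptions about how the CA maintains the file.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed sample database (not from the slides). Six TAB-separated fields:
# status, valid-to, revocation date[,reason], serial (hex), file name, DN.
SAMPLE_INDEX = "\n".join([
    "R\t040508164400Z\t030601120000Z,keyCompromise\t01\tunknown\t"
    "/C=AT/ST=Austria/O=testCA/OU=Organizational Unit of sender/CN=sender",
    "V\t040508164400Z\t\t02\tunknown\t"
    "/C=AT/ST=Austria/O=testCA/OU=Organizational Unit of receiver/CN=receiver",
    "V\t030101000000Z\t\t03\tunknown\t"
    "/C=AT/ST=Austria/O=testCA/OU=Lab/CN=stale",
]) + "\n"


@dataclass
class Entry:
    flag: str                       # V, R or E exactly as stored in the file
    expires: datetime
    revoked_at: Optional[datetime]
    reason: Optional[str]
    serial: int
    filename: str
    subject: str


def parse_time(value: str) -> datetime:
    """Parse YYMMDDHHMMSSZ or the four-digit-year form YYYYMMDDHHMMSSZ."""
    digits = value[:-1]
    if not value.endswith("Z") or len(digits) not in (12, 14) or not digits.isdigit():
        raise ValueError(f"unsupported time value: {value!r}")
    if len(digits) == 12:
        # X.509 rule for two-digit years: 50-99 -> 19xx, 00-49 -> 20xx
        digits = ("19" if int(digits[:2]) >= 50 else "20") + digits
    return datetime.strptime(digits, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_index(text: str) -> List[Entry]:
    """Parse the text database, rejecting malformed or inconsistent lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        flag, expires, revoked, serial, filename, subject = fields
        if flag not in ("V", "R", "E"):
            raise ValueError(f"line {lineno}: unknown status flag {flag!r}")
        revoked_at = reason = None
        if revoked:
            # Assumption: a revocation reason may follow the date after a comma.
            date_part, _, reason_part = revoked.partition(",")
            revoked_at = parse_time(date_part)
            reason = reason_part or None
        if (flag == "R") != (revoked_at is not None):
            raise ValueError(f"line {lineno}: flag {flag} does not match revocation date")
        entries.append(Entry(flag, parse_time(expires), revoked_at, reason,
                             int(serial, 16), filename, subject))
    return entries


def effective_status(entry: Entry, now: datetime) -> str:
    """Return 'revoked', 'expired' or 'valid' for the given point in time."""
    if entry.flag == "R":
        return "revoked"
    # Assumption: the flag only changes when the CA rewrites the file, so an
    # entry can still read V after its valid-to date; compare the date as well.
    if entry.flag == "E" or now >= entry.expires:
        return "expired"
    return "valid"


def audit(text: str, now: datetime) -> Dict[int, str]:
    """Map each serial number to its effective status; duplicates are an error."""
    report: Dict[int, str] = {}
    for entry in parse_index(text):
        if entry.serial in report:
            raise ValueError(f"duplicate serial {entry.serial:02X}")
        report[entry.serial] = effective_status(entry, now)
    return report


if __name__ == "__main__":
    when = datetime(2003, 7, 1, tzinfo=timezone.utc)
    for serial, status in audit(SAMPLE_INDEX, when).items():
        print(f"{serial:02X} {status}")
```

Serial 03 in the sample is still flagged V but is past its valid-to date, which is why the status is derived from the date and not from the flag alone.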
64 Further reading Apache + SSL: download: https with midlets: s/https/ Exploring RSA Encryption in OpenSSL: 64
65 References Matt Bishop, Computer Security Understanding Public-Key Infrastructure, Adams,C.;Lloyd,S. Security Fundamentals for E-commerce, Vesna Hassler OpenSSL: Das OpenSSL Handbuch: LDAP Browser: Security in Telecommunication Project 2002, Forschungszentrum Telekommunikation Wien ftw. 65
Technical Note Replacing vcenter Server 4.0 Certificates VMware vsphere 4.0 Certificates are automatically generated when you install vcenter Server and ESX/ESXi. These default certificates are not signed
More informationapple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.
More informationassociate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.
Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu
More informationStartCom Certification Authority
StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction
More informationTrustis FPS PKI Glossary of Terms
Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate
More informationPurpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates
Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Purpose, Methods, Revocation, PKIX To distribute public keys securely Requires - Certificates and Certification Authorities - Method for retrieving certificates
More informationPKI: Public Key Infrastructure
PKI: Public Key Infrastructure What is it, and why should I care? Conference on Higher Education Computing in Kansas June 3, 2004 Wes Hubert Information Services The University of Kansas Why? PKI adoption
More informationManaging SSL certificates in the ServerView Suite
Overview - English FUJITSU Software ServerView Suite Managing SSL certificates in the ServerView Suite Secure server management using SSL and PKI Edition September 2015 Comments Suggestions Corrections
More informationUnderstanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012
Understanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012 Wai Choi, CISSP IBM Corporation RACF/PKI Development & Design Poughkeepsie, NY e-mail: wchoi@us.ibm.com 1 Trademarks
More informationConfiguring Digital Certificates
CHAPTER 36 This chapter describes how to configure digital certificates and includes the following sections: Information About Digital Certificates, page 36-1 Licensing Requirements for Digital Certificates,
More informationComodo Certification Practice Statement
Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationCertificate technology on Pulse Secure Access
Certificate technology on Pulse Secure Access How-to Guide Published Date July 2015 Contents Introduction: 3 Creating a Certificate signing request (CSR): 3 Import Intermediate CAs: 5 Using Trusted Client
More informationSSL/TLS: The Ugly Truth
SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography
More informationCisco TelePresence VCS Certificate Creation and Use
Cisco TelePresence VCS Certificate Creation and Use Deployment Guide Cisco VCS X8.2 D14548.10 July 2014 Contents Introduction 3 PKI introduction 3 Overview of certificate use on the VCS 3 Certificate generation
More informationCisco Expressway Certificate Creation and Use
Cisco Expressway Certificate Creation and Use Deployment Guide Cisco Expressway X8.5 December 2014 Contents Introduction 3 PKI introduction 3 Overview of certificate use on the Expressway 3 Certificate
More informationDIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI)
DIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI) Prof. Amir Herzberg Computer Science Department, Bar Ilan University http://amir.herzberg.name Amir Herzberg, 2003. Permission
More informationCertificate technology on Junos Pulse Secure Access
Certificate technology on Junos Pulse Secure Access How-to Introduction:... 1 Creating a Certificate signing request (CSR):... 1 Import Intermediate CAs: 3 Using Trusted Client CA on Juno Pulse Secure
More informationStandards and Products. Computer Security. Kerberos. Kerberos
3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2
More informationSWITCHaai Metadata CA. Certificate Policy and Certification Practice Statement
SWITCHaai Metadata CA Certificate Policy and Certification Practice Statement Version 1.0, OID 2.16.756.1.2.6.7.1.0 July 15, 2008 Table of Contents 1. INTRODUCTION...6 1.1 Overview...6 1.2 Document name
More informationMeeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
More informationWebsense Content Gateway HTTPS Configuration
Websense Content Gateway HTTPS Configuration web security data security email security Support Webinars 2010 Websense, Inc. All rights reserved. Webinar Presenter Title: Sr. Tech Support Specialist Cisco
More informationWorking with Certificate and Key Files in MatrixSSL
Working with Certificate and Key Files in MatrixSSL Generating Certificates for use with MatrixSSL The most common way to obtain a certificate is to buy one from a commercial certificate authority. This
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informatione-cert (Server) User Guide For Apache Web Server
e-cert (Server) User Guide For Apache Web Server Revision Date: Sep 2015 Table of Content A. Guidelines for e-cert (Server) Applicant... 2 B. Generating Certificate Signing Request (CSR)... 3 C. Submitting
More informationCERTIFICATE POLICY KEYNECTIS SSL CA
CERTIFICATE POLICY KEYNECTIS SSL CA Date: 05/02/2009 KEYNECTIS SSL CA CERTIFICATE POLICY Subject: KEYNECTIS SSL CA Certificate Policy Version number: 1.1 Number of pages: 49 Status of the Project Final
More informationDisplaying SSL Certificate and Key Pair Information
CHAPTER6 Displaying SSL Certificate and Key Pair Information This chapter describes how to use the available show commands to display SSL-related information, such as the certificate and key pair files
More informationNumber of relevant issues
Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationKMIP installation Guide. DataSecure and KeySecure Version 6.1.2. 2012 SafeNet, Inc. 007-012120-001
KMIP installation Guide DataSecure and KeySecure Version 6.1.2 2012 SafeNet, Inc. 007-012120-001 Introduction This guide provides you with the information necessary to configure the KMIP server on the
More informationCertificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2
Certificate Policy KEYNECTIS SSL CA CP Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 KEYNECTIS SSL CA CP Version 1.2 Pages 51 Status Draft Final Author Emmanuel Montacutelli OpenTrust
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationTHE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
More informationSSL Peach Pit User Guide. Peach Fuzzer, LLC. Version 3.7.64
SSL Peach Pit User Guide Peach Fuzzer, LLC Version 3.7.64 Copyright 2015 Peach Fuzzer, LLC. All rights reserved. This document may not be distributed or used for commercial purposes without the explicit
More informationCertificate Policy for. SSL Client & S/MIME Certificates
Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it
More informationSSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service
Paper SAS1541-2015 SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service Heesun Park and Jerome Hughes, SAS Institute Inc., Cary, NC ABSTRACT
More informationBank link technical specifications. Information for programmers
Bank link technical specifications Information for programmers 2015 01 08 1 Content Content...2 Rules of services...3 Queries...3 Queries from the merchant to the bank...4 Queries from the bank to the
More informationNIST Test Personal Identity Verification (PIV) Cards
NISTIR 7870 NIST Test Personal Identity Verification (PIV) Cards David A. Cooper http://dx.doi.org/10.6028/nist.ir.7870 NISTIR 7870 NIST Text Personal Identity Verification (PIV) Cards David A. Cooper
More informationIBM i Version 7.3. Security Digital Certificate Manager IBM
IBM i Version 7.3 Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationCiphermail S/MIME Setup Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail S/MIME Setup Guide September 23, 2014, Rev: 6882 Copyright 2008-2014, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 3 2 S/MIME 3 2.1 PKI...................................
More informationESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0
ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4
More informationA New On-line Certificate Validation Method using LDAP Component Matching Technology
A New On-line Certificate Validation Method using LDAP Component Matching Technology Jong Hyuk Choi, Sang Seok Lim, and Kurt D. Zeilenga Abstract This paper presents a new on-line certificate validation
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationImplementing Secure Sockets Layer on iseries
Implementing Secure Sockets Layer on iseries Presented by Barbara Brown Alliance Systems & Programming, Inc. Agenda SSL Concepts Digital Certificate Manager Local Certificate Authority Server Certificates
More informationUnderstanding Digital Certificates and Secure Sockets Layer (SSL)
Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?
More information