Certificates and SSL



Similar documents
O Reilly Media, Inc. 3/2/2007

SQL Server 2008 and SSL Secure Connection

Installing your Digital Certificate & Using on MS Out Look 2007.

Getting a Free Comodo Certificate

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Exostar LDAP Proxy / Secure Setup Guide. This document provides information on the following topics:

Encrypting Your Using the free COMODO Secure Certificate

ADFS Integration Guidelines

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

IFS CLOUD UPLINK INSTALLATION GUIDE

Using etoken for Securing s Using Outlook and Outlook Express

You re FREE Guide SSL. (Secure Sockets Layer) webvisions

Generating an Apple Enterprise MDM Certificate

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19

How To Send An Encrypted In Outlook 2000 (For A Password Protected ) On A Pc Or Macintosh (For An Ipo) On Pc Or Ipo (For Pc Or For A Password Saf ) On An Iphone Or

Windows Intune Walkthrough: Windows Phone 8 Management

Secure IIS Web Server with SSL

Wavecrest Certificate

Here are the steps to configure Outlook Express for use with Salmar's Zimbra server. Select "Tools" and then "Accounts from the pull down menu.

Moving the Web Security Log Database

ECA IIS Instructions. January 2005

Step 2: Configure Secure Secure Standard End-User Guide Version: Effective Date: 12-Mar-2014

How-to: Single Sign-On

SafeGuard Enterprise upgrade guide. Product version: 7

Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

USING SSL/TLS WITH TERMINAL EMULATION

SECURE USER GUIDE OUTLOOK 2000

Client Configuration Secure Socket Layer. Information Technology Services 2010

Secure Web Appliance. SSL Intercept

How To Set Up Dataprotect

Installing your certificate on your Windows PC

Installing and Configuring a Server Certificate for use by MailSite Fusion with TLS/SSL A guide for MailSite Administrators

Upgrade Guide. Platform Compatibility. Dell Secure Mobile Access Upgrade Guide

Microsoft Exchange 2010 and 2007

How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server

Using Windows Task Scheduler instead of the Backup Express Scheduler

Specops Command. Installation Guide

IMPORTING AND EXPORTING CERTIFICATES IN IE AND FIREFOX FOR BPIA AND PRACS

Configure Single Sign on Between Domino and WPS

How to Configure a Secure Connection to Microsoft SQL Server

etoken Enterprise For: SSL SSL with etoken

Zarafa S/MIME Webaccess Plugin User Manual. Client side configuration and usage.

User Management Resource Administrator. Managing LDAP directory services with UMRA

HOW TO CONFIGURE SQL SERVER REPORTING SERVICES IN ORDER TO DEPLOY REPORTING SERVICES REPORTS FOR DYNAMICS GP

How to configure MAC authentication on a ProCurve switch

Craig Carpenter MCT. MCSE, MCSA

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

SafeGuard Enterprise upgrade guide. Product version: 6.1

Marriott Enrollment Server for Web User Guide V1.4

MIGRATING TO AVALANCHE 5.0 WITH MS SQL SERVER

SELF SERVICE RESET PASSWORD MANAGEMENT BACKUP GUIDE

Network Load Balancing

E-CERT C ONTROL M ANAGER

Publish Acrolinx Terminology Changes via RSS

CHAPTER 7 SSL CONFIGURATION AND TESTING

Configuring the NetBackup 7.7 Cloud Connector for use with StorReduce

Hyperoo 2.0 A (Very) Quick Start

Personal Secure Certificate

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

HTTP Server Setup for McAfee Endpoint Encryption (Formerly SafeBoot) Table of Contents

Guide Installing Digital Certificates in Outlook 2000

The Joys of Importing & Using an S/MIME Certificate CCIT Publication

Moving the TRITON Reporting Databases

Migrating from Microsoft ISA Server 2004/2006 to Forefront Threat Management Gateway (TMG) 2010

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N REV A01 January 14, 2011

APNS Certificate generating and installation

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

CONFIGURING MICROSOFT SQL SERVER REPORTING SERVICES

Exchange Reporter Plus SSL Configuration Guide

How to use encrypted in the WECI scheme.

Using Entrust certificates with Microsoft Office and Windows

How to request a certificate

Sametime Gateway Version 9. Deploying DMZ Secure Proxy Server

The IceWarp SSL Certificate Process

Setup SSL in SharePoint 2013 Using Domain Certificate

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Importing your personal certificate(s) to Microsoft Internet Explorer from a Back-up (or export) file

Adding Digital Signature and Encryption in Outlook

IceWarp SSL Certificate Process

Instructions for Microsoft Outlook 2003

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

SAS 9.3 Foundation for Microsoft Windows

Replacing vcenter Server 4.0 Certificates VMware vsphere 4.0

Validating Digital Signatures in Adobe

How to Create a Delegated Administrator User Role / To create a Delegated Administrator user role Page 1

Last edited on 7/30/07. Copyright Syncfusion., Inc

CA Nimsoft Service Desk

Title: How to set up SSL between CA SiteMinder Web Access Manager - SiteMinder Policy Server and Active Directory (AD)

Setting Up SSL on IIS6 for MEGA Advisor

Demo: Controlling.NET Windows Forms from a Java Application. Version 7.3

Djigzo S/MIME setup guide

QUANTIFY INSTALLATION GUIDE

Laboratory Exercises VI: SSL/TLS - Configuring Apache Server

Introduction. Important Upgrade Notice! SHORETEL SALESFORCE.COM CALL CENTER ADAPTER VERSION 4.X

Getting started with IMAP for Aggi What is IMAP?

Transcription:

SE425: Communication and Information Security Recitation 12 Semester 2 5775 17 June 2015 Certificates and SSL In this recitation we ll see how to use digital certificates for email signing and how to use SSL as part of a.net application. 1 Using Certificates in Email There are a number of certification authorities that let you create free digital certificates for email signing and encryption. One company that offers that service is Comodo. The digital certificate that you get from them (for free) just verifies that the email came from the address you provide to them. There is no personal name in the certificate since they have no way of telling what your name really is. Once you have a certificate from Comodo you can install it in your browser or email client to sign and encrypt emails. 1.1 What to do 1. Open your browser (preferably on your personal computer) and navigate to https://secure.comodo. com/products/frontpage?area=secureemailcertificate 2. Fill in the information in the form and provide an email address that you can use with a non-web email client. 3. Once you enter in your information, Comodo will send you an email which looks like the figure below: 4. Once you open the email and click on the top button you will be brought to a page which will install the public key certificate in your browser. You can see if it was successful (using Firefox) by opening the Options- Advanced- Certificates- View Certificates dialog. 1

5. After you install the certificate, the dialog should show at least one line that looks like the figure below: 6. The certificate is now in your browser. To move it to your email application, you first need to export it. You can do so by clicking on the Backup... button on the dialog box. That will enable you to store the certificate on your computer. The Backup step asks for a password to encrypt the certificate on export. Choose a good one. 7. Next, open your email client and the email account you want to attach the certificate to. The example below is for Thunderbird: 8. Choose to use the certificate as a signing certificate by selecting to import the certificate you exported. Once you enter the password for it, you will see the new certificate added to the account: 2

9. Once the certificate is imported you can add it to the account by selecting it using the Select button: 10. You can then use it to sign emails from the account by adding a digital signature to the email: 3

2 Creating Your Own Certificates.NET offers a tool to create your own certificates which can be stored in the local certificate store in Windows. The tool to create a certificate is called makecert.exe and it can be found in the Windows SDK directory. In Windows 7 it can be found in: C:\ProgramFiles\MicrosoftSDKs\Windows\v6.0A\Bin. You may need to install the Windows SDKs on your computer if you don t have them already installed. The directory may be different in Windows 8. We can view the local certificates on the computer using the Microsoft Management Console which has a Certificates snap-in tool. The tool is designed to create code signing certificates, but you can use them for other purposes as well. Don t try to use them for SSL servers since they won t pass any browser s verification steps. The following command creates a new certificate using makecert with some configuration parameters: makecert -n "CN=Michael J. May ;O=Kinneret College on the Sea of Galilee;OU=Achi Racov Engineering School" -pe -sr currentuser -ss My -cy end -h 0 -a sha1 -$ individual The flags set the following parameters: -n The identity of the entity in the certificate is Michael J. May of the organization called Kinneret College on the Sea of Galilee in the organizational unit called Achi Racov Engineering School -pe The private key is included in the certificate and can be exported. -sr The certificate will stored in the location provided. The value currentuser is the default value and it puts it in the certificates installed for the user. You can also put localmachine to put it at the machine level. -ss The certificate store into which the certificate will be put. The My certificate store is the default one for the user. -cy Indicates the certificate is an end entity and so can t sign on others. You could also put authority to allow it. -h Limits the number of nodes on the tree below the node. Putting 0 means no one can be below. -a The hash algorithm used. The default for makecert is MD5 which has known issues, so I used sha1. 4

-$ Indicates what kind of authority the certificate grants. Here is grants only authority as an individual code signer. You could also put commercial to declare yourself a commercial publisher. By examining the certificate issued, we can see how the field values are stored in the certificate: We could also add the -r parameter to make it a self signed certificate and get the following resulting certificate: 5

As with the email certificates, the ones in the computer s certificate store can be exported and viewed externally. They can also be used to manually set up SSL channels using.net channels and streams. See the documentation for the SslStream class in.net. 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information