Previous Topic: When to Use SSL Encryption

Next Topic: SSL Processing

Certificates and Keys

To take part in an SSL session an SSL server needs to publish a certificate, and needs to hold the corresponding private key.

A certificate is a digital document that contains text encrypted with a private key. If you change the certificate without knowing the private key, you invalidate the certificate. If the certificate is valid, anybody can use the public key to decrypt the certificate information. If the public key does not work then somebody has corrupted the certificate and it cannot be trusted.

In CA Directory the certificate subject incorporates the DSA name.

You cannot use a certificate that is valid for one DSA on another DSA.

You can only create a valid certificate by using appropriate software, for example the CA Directory tool DXcertgen or OPENSSL.

All certificates used for CA Directory must be in X.509 PEM format.


Copyright © 2009 CA. All rights reserved. Email CA about this topic