Quote:
Originally posted by penfold
Creating one's own certificate is just as secure, however.
It is not - with respect to establishing a secure channel.
The whole idea of a PKI is to allow end-clients who have no notion of who you are to establish a trust relationship with you.
Obviously, you can make the key in the certificate just as secure as common root certificates issued by Verisign for example - but how it fits into the PKI system is completely different.
The root certificates are already installed in many applications that ship to home users - like browsers. If you are Company X, with your own generated certificate, a customer will not know whether your certificate is authentic. I could create another certificate and call it "Company X" and send it to the customer pretending to be you. The communication will be secure of course - but he's communicating with me, and not you.
When you go to someone like Verisign, they will generate the certificate and "SIGN" it with their private key. Then the customer can verify the authenticity of the certificate since they have Verisign's certificate on their system. There are millions of companies. Users don't have the certificate of all of them pre-installed. That's why root certificates are important.
Finally, Verisign needs to verify that it is really you by some other means before they actually issue the certificate to Company X. That way I can't go to them and say I am from Company X and that I need a certificate. This happened to Microsoft in the past - twice I believe. They had to revoke those 2 certificates through Certificate Revocation Lists.
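Added example, not part of the original post: the client-side check described in the reply above, reproduced with the `openssl` command line. The "Demo Root CA", the host name `www.companyx.example` and all file names are constructed for illustration; the demo root stands in for a root certificate pre-installed on the client.

```shell
#!/bin/sh
# Added example. All names, hosts and file names below are constructed.
SUBJ="/O=Company X/CN=www.companyx.example"

# build_demo_pki DIR: create a demo root CA, a CA-signed "Company X"
# certificate, and a look-alike self-signed one with the same subject.
build_demo_pki() {
    (
        cd "$1" || exit 1
        # Root CA (stands in for a root shipped with the browser).
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Demo Root CA" -keyout ca.key -out ca.pem 2>/dev/null || exit 1
        # Company X sends a CSR; the CA signs it with the CA private key.
        openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
            -keyout real.key -out real.csr 2>/dev/null || exit 1
        openssl x509 -req -in real.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 30 -out real.pem 2>/dev/null || exit 1
        # Anyone can self-sign a certificate carrying the same name.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$SUBJ" \
            -keyout fake.key -out fake.pem 2>/dev/null || exit 1
    )
}

# subject_of CERT: print the subject name stored in the certificate.
subject_of() { openssl x509 -in "$1" -noout -subject; }

# client_trusts ROOT CERT: succeed only if CERT chains to the trusted ROOT.
client_trusts() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Build the demo PKI in a temp directory and report the client's verdicts.
demo() {
    d=$(mktemp -d) || return 1
    build_demo_pki "$d" || return 1
    for c in real fake; do
        if client_trusts "$d/ca.pem" "$d/$c.pem"; then v=trusted; else v=rejected; fi
        echo "$c.pem: $(subject_of "$d/$c.pem") -> $v"
    done
    rm -rf "$d"
}

demo
```

Both certificates carry the same subject name and both can key an encrypted session; only the one signed by the root the client already holds passes verification.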
Quote:
Originally posted by falcon
I've got SSL Certificate for my own site and getting advantages of [SNIPPED]
jenny
This is Spam.