Join Sean Colins for an in-depth discussion in this video Reviewing provided certificates, part of Understanding Secure Sockets Layer.
- I wanted to show this to you in practice. We'll use Apple as an example. I'm gonna go to their Knowledge Base article, HT5012, and that's going to show us how, in iOS 7, we have this really detailed list, see here, we have in iOS 7.1.2, as we're recording this title, that's what's current. You can see the trusted certificates always ask, and blocked certificates are listed right here. And, I'm gonna click on "trusted", and I'm just going to do a quick "Find", Command + F, and I'm going to show you that if I go to NetSol...
Whoops, if I type it correctly... If I go to NetSol, I can see right here, there is the certificate, the trusted certificate, for Network Solutions Certificate Authority, right? There it is: trust always. And because that's in there, any certificate that's issued to anyone by Network Solutions Certificate Authority will eventually chain-up to this certificate and be trusted because the trust is set to "always", right? It's complicated, there are a lot of connecting parts, but there's no magic involved.
Let's look at GoDaddy. Same thing, here. Here's our information about GoDaddy. You can just scroll through this for a long, long time, and see all the different certificate authorities in here. I'm just typing in a few well-known names. I've talked about Verisign many times, let's type them in and see where they are. 95 matches, they're all over the place, right? So this is really helpful to us, right? To understand that there is a reason why everything chains through and is ultimately trusted.
And that reason is that the device manufacturer or application manufacturer, the operating system publisher, is the the place where that final decision is being made about who gets trusted and who doesn't.
- SSL communications
- Certificate authorities
- Public key infrastructures
- Symmetric and asymmetric key pairs
- Cryptographic hash functions
- Encryption algorithms
Start now, and by the end of this course you'll have the knowledge to create SSL certificates, as well as revoke and renew them, from the command line.