The FAQ section answers all your questions, whether they are related to the Digital Certificates, their usage, applications, Certifying Authorities or any technical question you may have. If this section doesn't answer your questions please feel free to contact our Helpdesk 6356 - 894 - 444, Email : dscsales[at]ncode[dot]in
A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew and provide directories of Digital Certificates. In real meaning, the function of a Certifying Authority is equivalent to that of the passport issuing office in the Government. A passport is a citizen's secure document (a "paper identity"), issued by an appropriate authority, certifying that the citizen is who he or she claims to be. Any other country trusting the authority of that country's Government passport Office will trust the citizen's passport.
Similar to a passport, a user's certificate is issued and signed by a Certifying Authority and acts as a proof . Anyone trusting the Certifying Authority can also trust the user's certificate.
According to section 24 under Information Technology Act 2000 "Certifying Authority" means a person who has been granted a licence to issue Digital Signature Certificates.
The IT Act 2000 gives details of who can act as a CA. Accordingly a prospective CA has to establish the required infrastructure, get it audited by the auditors appointed by the office of Controller of Certifying Authorities, and only based on complete compliance of the requirements, a license to operate as a Certifying Authority can be obtained. The license is issued by the Controller of Certifying Authority, Ministry of Information Technology, Government of India.
A Sub CA (Subordinate CA) means a Certifying Authority falling under the (n)Code Solution CA trust hierarchy. The private key of the (n)Code Solution CA is used to sign the Public Key of such Sub CA. Sub CA, though not specifically part of the IT act, can be an entity working under the CCA trust chain with all the responsibilities mandated by the IT Act being taken care of by the CA.
A Registration Authority (RA) is responsible for initiating the certificate issuance process after receiving approved application request from the Local Registration Authority. Revocation requests for Digital Certificates from subscribers/ authorized representative of the subscriber are also handled by the RA.
An LRA (Local Registration Authority) is an agent of the Certifying Authority who collects the application forms for Digital Signature Certificates and related documents, does the verification and approves or rejects the application based on the results of the verification process.
For getting contact details of LRA close to you, please visit https://www.ncodesolutions.com/contact.asp
Certifying Authorities issue Digital Certificates that are appropriate to specific purposes or applications. Certificate Policies describe the different classes of certificates issued by the CA, the procedures governing their issuance and revocation and terms of usage of such certificates and among other things the rules governing the different uses of these certificates.
A statement of the practices, which a certification authority employs in issuing and managing certificates. A CPS may take the form of a declaration by the CA of the details of its trustworthy system and the practices it employs in its operations and in support of issuance of a certificate. General CPS framework is given in the guidelines.
Digital signatures are electronically generated and can be used to ensure the integrity and authenticity of some data, such as an e-mail message and protect against non-repudiation.
Yes, after the enactment of Information Technology Act 2000 in India, Digital Signatures are legally valid in India.
A Digital certificate is a form of an electronic credential for the Internet. Similar to a driver's license, employee ID card, a Digital certificate is issued by a trusted third party to establish the identity of the certificate holder. The third party who issues the Digital Certificate is known as the Certifying Authority (CA).
A certificate is an electronic document that binds a public key to a particular individual or organization. A trusted third party, called a Certifying Authority (CA), issues certificates. Before issuing a certificate, a CA will go though a series of authentication procedures to make sure that you are what you claim to be, and that the public key in the certificate really belongs to you.
The certificate is then encrypted (signed) with the CA's private key. Thus, if the end users trust the CA, and have the CAs public key, he can be sure of the certificate's legitimacy.
Digital Signatures provide Authentication, Privacy, Non repudiation and Integrity in the virtual world . IT Act 2000 in India gives legal validity to electronic transactions that are digitally signed. Therefore we need digital signatures for secure messaging, online banking applications, online workflow applications, e-tendering, supply chain management etc.
Digital Certificates are digital documents attesting to the binding of a public key to an individual or specific entity. They allow verification of the claim that a specific public key does in fact belong to a specific individual. Digital Certificates help prevent someone from using a phony key to impersonate someone else.
In their simplest form, certificates contain a public key and a name. As commonly used, a certificate also contains an expiration date, the name of the Certifying Authority that issued the certificate, a serial number etc. Most importantly, it contains the digital signature of the certificate issuer.
A digital signature is an electronic method of signing an electronic document whereas a Digital Certificate is a computer based record which.
(n)Code Solutions CA provides seven different classes of Digital Certificate for different applications and types of users.
| Class | Category | Supported Applications |
|---|---|---|
| I | Individual | Secure E-mail |
| IIa | Individual |
|
| IIb | Enterprises / Government Organizations or Agencies |
|
| IIIa | Individual |
|
| IIIb | Enterprises / Government Organizations or Agencies |
|
| IIIc | Individual / Enterprises / Government Organizations or Agencies | SSL Server Authentication |
| IIId | Individual / Enterprises / Government Organizations or Agencies | VPN Device Authentication |
(n)Code Solutions' Digital Certificates are valid for one year or two years from the date of issuance.
(n)CodeSolutions accepts payment through demand draft/cheque only.
An organization can purchase Digital Certificates for its employees with the objective of secure and authenticated web communication. But no one can utilize your Digital Certificate because (only one) your email address is attached to the Digital Certificate purchased for you and your Digital Certificate with private key is stored under your control. Please take care and avoid giving direct physical access to your important private key.
(n)Code Solutions provides the easiest and most reliable way to obtain your Digital Certificates . You can obtain them through our online registration wizard or you can submit your application request to our nearest LRA (Local Registration Authority).
You will be able to apply for a Digital Certificate by accessing our website at https://www.ncodesolutions.com If you have any queries or need assistance, we are available to answer your questions and provide any assistance that you need to complete your Digital Certificate registration. Contact (n)Code Solutions' Help Desk at 91-79-26857315. Our service desk hours are Monday-Saturday, 10:00 AM - 6:00 PM (Indian Standard Time).
There are three different phases for obtaining a Digital Certificate.
In the application phase, the applicant will access the (n)Code Solutions CA website at www.ncodesolutions.com to select customer type and class of certificate needed and also accept Subscriber Agreement. After that, the applicant will be taken to online registration form complying with IT Act 2000, and he will have to fill the online registration form and choose a pass phrase for later authentication.
After due verification of mandatory fields, the applicant will be given an opportunity to confirm the given details. The applicant will also print the displayed form to hand sign and send it across the (n)Code Solutions CA.
The applicant will be shown the list of documents required with reference to category and the class of certificate chosen with payment details and also time period for physical presence, if the class of certificate chosen by subscriber requires physical presence.
In authentication phase, (n)Code Solutions verifies and validates the information you provide in the online application and identification form. Upon approval of your application, (n)Code Solutions will send you an email on the email address provided in the application form with a link for email id verification.
After email verification, receipt of documents /physical appearance and payment of stipulated fees, Reference Number will be sent through email whereas Authorization Code will be sent through registered A.D. on the postal address provided in the application form, except for class 1where Authorization Code will be communicated via email. Once you have received your retrieval email or kit, you will be able to access your Digital Certificate.
No, (n)Code Solutions enrollment software currently accepts only standard ASCII characters.
Yes, you can submit your Digital Certificate application request by duly filling up our Registration Form available at our website to our local registration authority with necessary documents as mentioned in the registration form for verification purpose.
For contact information of our LRA (Local Registration Authority), Please visit https://www.ncodesolutions.com/contact-us.php
(n)Code Solutions has a strict policy on the use of applicant and customer information. (n)Code Solutions will not disclose such information, except as required under the law.
Sorry, The (n)Code Solutions CA does not provide any refund of the fees paid for the digital signature certificates.
Refusal to issue a Digital Certificate is a result of stringent verification procedure. Incomplete application, information or wrong information are the common causes for such refusal.
Relying party is an entity that relies on the information provided in a valid digital signature certificate.
A Subscriber Agreement is an agreement between Subscriber and (n)Code Solutions CA stating that, subscriber will use Digital Certificate for the assigned use or objective and he is solely responsible for the protection of the private key and ensuring functionality of his/her key pair. Subscriber also agrees through Subscriber Agreement that all the information provided to (n)Code Solutions CA at the time of registration are not misrepresented, in the event of any change in information, subscriber will immediately inform (n)Code Solutions CA. (n)Code Solutions CA will not be responsible for any legal disputes arising due to misrepresentation on the part of subscriber.
Certificate issuance process involves verification and validation checks to establish identity and other information acquired through the application form for the applicant. (n)Code Solutions CA has varied requirements for documents as well as other checks for different classes of certificates.
Yes, you can possess two different Digital Certificates for different purposes but at the same time you should have two different email addresses for two different Digital Certificates.
When you sign any transaction, you are using your private key. When the recipient receives the information with your certificate, he can verify the information using the public key on your certificate.
Signing a transaction:
Once the user has digitally signed a transaction he cannot deny that he has sent the information. This is referred to as non-repudiation.
Signing an e-mail message means you attach your Digital Certificate to it so that the recipient knows it came from you and was not tampered within route. Signing authenticates a message, but it does not provide protection against third party monitoring.
Encrypting a message means you "scramble" it in a way that only the intended recipient can "unscramble" it, which safeguards against monitoring. In order to send a signed message, you must have a Digital Certificate. Encrypting a message requires that you have the recipient's Digital Certificate.
You can digitally sign any e-mail as long as the recipient has an e-mail application, which supports S/MIME. You cannot encrypt a message, however, unless you have the recipient's Digital Certificate.
Netscape Communicator Users: Any signed e-mail you receive will have a prominent icon in the upper-right corner of the message saying "signed" or "encrypted" or both. If you want more information about the security of a message, click on the Security button (the one that looks like a padlock) above the message.
Microsoft Internet Explorer Users: Signed messages will be shown in the inbox (or any other folder) with a red ribbon on the envelope icon. Encrypted messages will show a padlock on the envelope icon.
Once a Digital Certificate has been issued it cannot be changed. Your Digital Certificate specifically verifies that your public key is bound to your stated e-mail address, so when you change addresses you need to request a new Digital Certificate. If you would like to enroll at this time, please visit the https://www.ncodesolutions.com/
height="16">Once a Digital Certificate has been issued it cannot be changed. Your Digital Certificate specifically verifies that your public key is bound to your stated e-mail address, so when you change addresses you need to request a new Digital Certificate. If you would like to enroll at this time, please visit the https://www.ncodesolutions.com/
Unfortunately Web-based mail like Yahoo, Hotmail, Incredimail, MSN or AOL is not S/MIME compatible and so cannot be used with a Personal Email Certificate.
In order to secure your mail you must setup your mail and install the personal certificate in a mail client that can support S/MIME like Outlook 2000, Outlook Express or Netscape Messenger.
Alternatively you would have to configure your email client on your PC (i.e. Outlook Express) to access your Web based account with the correct username, password and POP settings.
No you cannot. At this stage, we can issue them, but they will not be recognized by most email software. So you should request a certificate for each email address separately. You can have multiple E-mail addresses attached to an account, but when you request each certificate you will be asked which E-mail address you want the certificate attached to.
After downloading and importing Digital Certificate in your web browser, you are ready to use your Digital Certificate with web browser but for using with your email client software you will have to configure necessary settings. To get descriptive help for configuring email client software for using digital signatures, please visit following.
Unfortunately Web-based mail like Yahoo, Hotmail are not S/MIME compatible and so cannot be used with a Personal Email Certificate. Email is secured by using a combination of two functions: signing and/or encrypting the original mail. Each is represented at the recipient end in the form of attachments.
A signed mail has an attachment called smime.p7s (containing the sender's signature).
An encrypted mail has an attachment called smime.p7m (containing the encrypted message).
Therefore, to verify a signed and/or read an encrypted message, your client need a mail reader compatible with S/MIME which will interpret the attachments, otherwise your client will see the message with all these attachments described above.
For this Assure Messaging Solution has to be integrated with the mail server to provide digital signature based access control.
Sorry, but you cannot. Your Digital Certificate needs to be revoked when your name changes. You can inform about this to our helpdesk at revocation of your Digital Certificate to prevent any misuse
Yes, you can digital signatures for e-tendering. Only following transactions/instruments are not recognized as per the IT Act
Yes, Digital Signature can be employed in wireless network.
Sorry, you cannot use Digital Certificate which you have purchased as an individual for your website. For authenticating your website you will be in need of a different Digital Certificate which is called as SSL (secure socket layer) certificate.
A Digital Certificate, which you have purchased as an individual will be used for sending and receiving secure email and web-based transactions through web browsers. While if you want to use Digital Certificate for your website, you will have to purchase Digital Certificate specially based for the functionality of web based transactions.
No, you control the presentation of your Digital Certificates to websites through the settings in your web browser.
Netscape Communication Users: You can choose whether or not your Digital Certificate is automatically sent to the web sites you access, and which Digital Certificate (if you have more than one installed) are used. To change your Digital Certificate usage settings:
Microsoft Internet Explorer Users: Internet Explorer always asks you whether to send Digital Certificate information to any website requesting it, and allows you to choose which Digital Certificate to use (if you have more than one installed)
During registration process, if you are using Internet Explorer it will display a list of different cryptographic service providers, but the first highlighted cryptographic service provider will be the default one, which is present in your computer. So when you reach at this stage, please select the highlighted one.
If you are using Netscape Navigator, 0nline registration wizard will not ask you for cryptographic service provider but for the key length. Please select key length of 1024.
When a document or transaction is signed using a Digital Certificate, it serves as a means of identifying the person who signed since a certificate and vouches for the owner's identity or association with a particular organization. It is important to validate a certificate to ensure that it has not been changed, revoked or has not expired.
You can validate a certificate using CRL, OCSP or CAM.
A list of certificates that have been revoked by the Certifying Authority. The CRL contains the certificates, which are no longer valid.
Certificate Authorities publish Certificate Revocation Lists (CRLs), which as the name suggests are lists of revoked or cancelled certificates. These CRLs are published at regular intervals and contain periodic updates to the status of certificates. Through Certificate Revocation List, the (n)Code Solutions CA notifies users that a particular certificate is no longer valid.
In CRL based validation, the application downloads the latest CRL (or refers to a cached CRL) and checks for certificate validity against this list.
A Digital Certificate can be revoked under circumstances like:
In order to eliminate the malicious act of the third parties, we ask you to contact us for revocation. (n)Code Solutions' Customer Support will process the revocation within two working days after receipt of notice from your representative.
Through Fax/Hand Delivery/Courier
Download revocation request form from our website at https://www.ncodesolutions.com. Forward that revocation request form to us after duly filling and hand signing it. We will verify the information contained in the revocation request with the issued certificate and application form. Later, we will proceed with the revocation request.
Through E-mail
Send us an email with the revocation form in an attachment to the (n)Code Solutions CA helpdesk at ra[at]ncodesolutions[dot]com with the subject line "Revocation Request". You should encrypt this transaction by using the public key of the (n)Code Solutions CA. The subscriber must digitally sign the transaction even though the private key may have already been compromised. After receiving your email we will verify the information and will proceed for revocation as per the revocation grace period.
In case of any mismatch of information, you will be intimated accordingly through an email and revocation request will not be processed.
No, because the revocation request can only be made by-
If you have a reason to believe that your private key is compromised, immediately inform about this through email to (n)Code Solutions CA's help desk at support[at]ncodesolutions[dot]com. Requests for revocation of the Digital Certificate can also be sent to ra[at]ncodesolutions[dot]com with the request digitally signed by you if the compromised private key is still under your possession. The certificate revocation form is also available on the (n)Code Solutions CA website at https://www.ncodesolutions.com which can be filled in and sent to (n)Code Solutions office for processing of the revocation request.
No fee is charged for certificate revocation and the serial number of your Digital Certificate will be immediately displayed in the certificate revocation list on successful revocation of your Digital Certificate.
Through https://www.ncodesolutions.com/repository/ncodecrl.crl you will be able to access Certificate Revocation List (CRL). It provide serial number of (n)Code Solutions's Digital Certificate which you intend to verify whether it is revoked or not. After providing serial number press 'submit' button, within seconds you will get the exact status whether Digital Certificate is valid or it is revoked by (n)Code Solutions CA.
You cannot renew the certificate by accessing URL stated in the e-mail.
Please ask our representatives for the renewal of your (n)Code Solutions certificate.
If you have selected the [Auto renewal] option on the application form, you will receive a [Request to renew certificate] e-mail 30 days before the expiration of validity date. As you access the URL stated in the e-mail, you will be able to get renewal certificate. You will need an old certificate registered in your browser to renew it.
In case yours hard drive crashes or your Digital Certificate gets accidentally deleted. If you store a backup copy of your Digital Certificate on a floppy disk in a secure place, then you will always be able to re-install your Digital Certificate. If you lose your Digital Certificate and it is not backed-up, then you will lose any messages that have been encrypted for you.
No. Your key pair and your Digital Certificate are stored on your hard drive and are not disrupted by removing the power source to your computer.
Protect your computer from unauthorized access by keeping it physically secure. Use access control products or operating system protection features (such as a system password). Take measures to protect your computer from viruses, because a virus may be able to attack a private key. Always chose to protect your private key with a good password.
Your Digital Certificate cannot be used without your private key, which is never transmitted to us. To maintain security, your private key should be protected by a password and never sent across any network. You want your Digital Certificate (which contains your public key) to be available to other users so that they can verify your right to use the Digital Certificate, decrypt messages that you have encrypted with your private key, and verify your digital signatures.
Private Keys are not easily viewed simply because they need to remain secure. They exist for the most part in an encrypted state within the registry of the Operating System. However, if specified at the time of key pair generation, it is possible to export a Private Key as a data file for backup purposes. Like any cryptographic key, Private Keys are simply long, random numbers.
Your private key is protected in two ways:
A third party can access your private key only by:
Unfortunately not. If you have forgotten your private key password, no one can help you, and you will have to apply for a new (n)Code Digital Certificate. In addition, any secure E-mail messages encrypted using your public key will be effectively lost. In some cases you might also have to reinstall your E-mail software and Web browser as well.
Once your Digital Certificate and key files have been deleted, damaged or overwritten, there is no way to reactivate your Digital Certificate. You will first need to revoke your Digital Certificate, and then enroll for a new one.
A hard drive crash usually deletes all key pair and Digital Certificate files in your computer. Once these files have been lost, there is no way to reactivate the Digital Certificate. You will first need to revoke your Digital Certificate, and then enroll for a new one.
If your key files were protected with a password, then it is unlikely that the thief will be able to use your Digital Certificate to impersonate you. In Microsoft Internet Explorer, your key files are protected by your Windows password, and in Netscape they are protected by your Navigator or Communicator password. If you want another Digital Certificate You should immediately revoke your Digital Certificate, then enroll for a new one.
Yes. Netscape Communicator is set up to allow multiple people to use Netscape on the same computer using profiles. Each person uses their profile to keep their settings, preferences, bookmarks, mail messages and certificates separate from other users of Netscape on the same computer.
(Microsoft Internet Explorer) The first step for transporting your Digital Certificate is to save ("export") it from the hard drive of the computer where it is currently held onto a floppy disk or other transport medium.
When your Digital certificate has been successfully exported, you can then import it into the new location. To import your Digital Certificate into Internet Explorer:
If you removed your old copy of Internet Explorer by deleting the application and its directory, you also deleted your Digital Certificate. You need to request for a new Digital Certificate.
If you removed your old copy of Netscape Navigator by deleting your Netscape directory, you also deleted the file that contained the private key associated with your Digital Certificate. Without that private key, you cannot reinstall your Digital Certificate. You need to request a new Digital Certificate. Upgrading Navigator with the Netscape installer preserves your personal information, including your Digital Certificate and private key. In the future, you should use this installer when upgrading Navigator
You can request a Digital Certificate when you register your copy of Navigator, or you can go directly to the Digital Certificate Center.
Exporting From Netscape Navigator:
Importing Into Microsoft Internet Explorer:
Exporting Into Microsoft Internet Explorer:
Import Into Netscape Navigator
NOTE: Only the later versions of Navigator 4.0 and up support importing Digital Certificates
If you removed your copy of Microsoft Internet Explorer or Netscape Navigator by deleting the application and its directory, you also deleted the file that contained the private key associated with your Digital Certificate. Without that private key, you cannot reinstall your Digital Certificate.
No, it is not the same. In Netscape, there is an independent database for administering the certificates. Master Password is a password for accessing its database. Please DO NOT forget the password. Otherwise, you won't be able to backup the certificates in the database.
In Internet Explorer, OS administer the certificate database, and the password is the same as your login password.
Most of the time, the root certificate which is installed improperly, causes this to happen. Please follow the instruction below for the resolution
If you are using Netscape:
If you are using Internet Explorer:
Secure Socket Layer (SSL) is a technology developed by Netscape and adopted by all vendors producing related Web software. It negotiates and employs the essential functions of mutual authentication, data encryption, and data integrity for secure transactions.
This exchange between the client and server is performed using the Secure Sockets Layer (SSL). SSL 2.0 supports server authentication only; SSL 3.0 supports both client and server authentication.
You will not be able to use one certificate on different websites as the certificate is tied to the exact host and domain name. If you have a certificate for https://www.ncodesolutions.com/, you can only use the certificate for https://www.ncodesolutions.com/ and NOT https://ncodesolutions.com/
If you do use a certificate on a different website, you will get a Certificate/Site mismatch error.
Before trusting any SSL certificate provided website, visitors should verify given below points: -
The PKI is a framework of policies, services, and encryption software that provides the assurances, users need before they can confidently transmit sensitive information over the Internet and other networks. At the heart of a PKI is a "Certifying Authority" which issues to each individual a Digital Certificate linking that particular person to a known public key.
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. In short, cryptography is science of securing data.
Secret-key cryptography is sometimes referred to as symmetric cryptography. It is the more traditional form of cryptography, in which a single key can be used to encrypt and decrypt a message. Secret-key cryptography not only deals with encryption, but it also deals with authentication.
Public Key Cryptography is a method for securely exchanging messages, based on assigning two complimentary keys (one public, one private) to the individuals involved in a transaction. Public Key Cryptography is based on the science of encryption, the mathematical scrambling and unscrambling of messages.
Authentication is the process of verifying a claimed identity. This includes:
Encryption is the process of using a mathematical formula and an encryption key to scramble information so that is unintelligible to unauthorized persons. Since electronic information is in the form of a series of ones and zeroes, an encryption process can transform a particular electronic message into another sequence of ones and zeros that is uniquely related to the original message.
Decryption is the process of converting the scrambled information back to its original, plain text form using the same mathematical formula and a decryption key related to the encryption key so an authorized person can understand it.
Non-repudiation provides proof of the origin or delivery of data in order to protect the sender against a false denial by the recipient that the data has been received or to protect the recipient against false denial by the sender that the data has been sent.
"Private Key" means one of the key of a key pair used to create a Digital Signature.
A plastic card like credit card with a built-in microprocessor and memory used for identification or financial transactions. When inserted into a reader, it transfers data to and from a central computer. It is more secure than a magnetic stripe card and can be programmed to self-destruct if the wrong password is entered too many times.
An e-token is a powerful and secure hardware device that enhances he security of data on public and private networks. The size of a normal house key, e-token can be used to generate and provide secure storage for passwords and Digital certificates, for secure authentication, digital signing and encryption. E-tokens are based on smart card technology but require no special readers.
A key agreement protocol, also called a key exchange protocol, is a series of steps used when two or more parties need to agree upon a key to use for a secret-key crypto system. These protocols allow people to share keys freely and securely over any insecure medium, without the need for a previously established shared secret.
The digital envelope consists of a message encrypted using secret-key cryptography and an encrypted secret key.
An algorithm that transforms a string of characters into a usually shorter value of a fixed length or a key that represents the original value. This is called the hash value. Hash functions are employed in symmetric and asymmetric encryption systems and are used to calculate a fingerprint/imprint of a message or document. When hashing a message, the message is converted into a short bit string - a hash value - and it impossible to re-establish the original message from the hash value. A hash value is unique in the sense that two messages cannot result in the same bit string, and any attempt to make changes to the message will negate the value and thus the signature.
A digital time-stamping service issues time-stamps, which associate a date and time with a digital document in a cryptographically strong way. The digital time-stamp can be used at a later date to prove that an electronic document existed at the time stated on its time-stamp. For example, a physicist who has a brilliant idea can write about it with a word processor and have the document time-stamped. The time-stamp and document together can later prove that the scientist deserves the Nobel Prize, even though an archrival may have been the first to publish.
Public Key Cryptography Standards are a set of standard protocols for the development of a public key infrastructure (PKI). These standards include RSA encryption, password-based encryption, extended certificate syntax, and cryptographic message syntax for the S/MIME secure e-mail standard. Developed in 1991 by RSA Laboratories with representatives from various computer vendors, PKCS is today widely deployed in public key cryptography systems.
A Cryptographic service provider is responsible for creating keys, destroying them, and using them to perform a variety of cryptographic operations. Each cryptographic service provider provide a different implementation of the crypto API, some provide stronger cryptographic algorithms, while others contain hardware components, such as smart cards.
A unique identifier of a person or thing having the structure required by the relevant certificate profile. A distinguished name is assigned to each key holder, organization or other entity.
In the (n)CodeSolutions's Certificate Server, DNs is to identify the owner of a certificate and the authority that issued a certificate.
Secured Sockets Layer is a protocol that transmits your communications over the Internet in an encrypted form. It is designed by Netscape Communications to enable encrypted, authenticated communications across the Internet. SSL ensures that the information is sent, unchanged, only to the server you intended to send it to. Online shopping sites frequently use SSL technology to safeguard your credit card information.
When SSL is employed to secure your transaction, the information contained in your transaction is secretly encoded as it is sent between your computer and the computer (web server) you have linked to. Note, for an SSL transaction to work, your browser must be SSL compatible, and the web server you have linked to must be able to perform the necessary "key exchange" with your SSL compatible browser.
MIME (Multipurpose Internet Mail Extensions) is a set of specifications for the interchange of text in languages with different character sets. MIME is also used to attach multimedia and rich text elements to e-mail that may be transmitted among different computer systems using Internet mail standards. The specifications define Content-Types and other conventions for the formatting of e-mail messages. S/MIME is a later standard that adds security to e-mail communication by allowing signing and encryption of messages.
A standard that extends the MIME (Multipurpose Internet Mail Extensions) specifications to support the signing and encryption of e-mail transmitted across the Internet.
X.509: - A widely used standard for defining Digital Certificates. X.509 is actually an ITU Recommendation, which means that it has not yet been officially defined or approved for standardized usage. As a result, companies have implemented the standard in different ways. For example, both Netscape and Microsoft use X.509 certificates to implement SSL in their Web servers and browsers. But an X.509 Certificate generated by Netscape may not be readable by Microsoft products, and vice versa.
X.500: - An ISO and ITU standard that define how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state, and city. X.500 supports X.400 systems.
A certificate validation mechanism is a mechanism, which is used when a document or transaction is signed using a Digital Certificate, and which serves as a means of identifying the person who signed since a certificate vouches for the owner's identity or association with a particular organization. Hence a certificate validation mechanism is important to implement to ensure that it has not been revoked or has not expired.
Validation refers to determining the status of a certificate - whether valid, expired or revoked. All Certificates have a fixed life (say one year), but there are various reasons for which a certificate may be invalidated before its due expiry.
OCSP refers to certificate validation that occurs through the Online Certificate Status Protocol mechanism, this type of validation occurs only when the signer certificate is stamped with an AIA (Authority Information Access) extension.
OCSP can be either a replacement or a supplement to checking the validity of a certificate against a Certificate Revocation List (CRL). Using OCSP, when a user attempts to access a server, OCSP sends a request for certificate status information. The server sends back a response of "current", "expired," or "unknown."
The Certificate Arbitrator Module (CAM) was created to provide validation services across different vendors of the ACES program. It is an application level router that efficiently and consistently routes certificates from relying party programs to the issuing certificate authorities for validation. By interfacing directly with the CAM, a relying party application can interact seamlessly with multiple CAs.
This website stores data such as cookies to enable site functionality including analytics and personalization. By using this website, you automatically accept that we use cookies.
