Sunday, March 12, 2017

How to secure a website with public key infrastructure (PKI) – Basic Concept

Let’s suppose you are the owner of a website whose domain name is www.shengw.com.

Here is the flow, and the basic idea behind it.

[image: PKI flow diagram]


The CA’s role is to vouch that the public key PK1, which the client uses to decode (verify or decrypt) the server's messages, really belongs to www.shengw.com: the CA signs a certificate that binds PK1 to that domain name. It follows that any message the client successfully decodes with PK1 really came from the private key held by www.shengw.com, because only that private key matches PK1.

The client talking to www.shengw.com can be a browser or a Java application. In the last step, what if the CA's public key is not known to the client (e.g. the certificate was not issued by a well-known CA, or it is self-signed)?

  • If the client is a browser, install the CA’s root certificate into the operating system’s trusted root certification authorities store.
  • If the client is a Java application, import the CA's certificate into the application’s truststore (a JKS file).

In both cases, keep in mind that a root you add is trusted for every certificate that CA ever signs, not only for www.shengw.com; for a self-signed server certificate, import just that certificate rather than a CA root.
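The whole flow above, as an added example that is not part of the original post: a throw-away CA and a certificate for www.shengw.com are built with the openssl command-line tool, then the client-side checks are run, including the "unknown CA" failure and the truststore import for a Java client. The CA name, file names, truststore password and message text are made up for the demo; only the domain name comes from the post.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal PKI with the openssl CLI.
# Assumes openssl (1.1.1 or newer) is installed. All names below are hypothetical.
set -eu

WORK="${WORK:-$(mktemp -d)}"
SITE=www.shengw.com

# Step 1: the CA creates its key pair and a self-signed root certificate.
# This root is what the client must already trust for the last step to work.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Step 2: the website creates its key pair and hands only the public key (PK1),
# wrapped in a certificate signing request, to the CA. site.key never leaves the server.
make_site_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$SITE" \
        -keyout "$WORK/site.key" -out "$WORK/site.csr" 2>/dev/null
}

# Step 3: the CA signs the request. The certificate is the CA's signed statement
# "PK1 belongs to www.shengw.com"; the subjectAltName is the name clients match on.
sign_site_cert() {
    printf 'subjectAltName=DNS:%s\n' "$SITE" > "$WORK/site.ext"
    openssl x509 -req -days 90 -in "$WORK/site.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/site.ext" -out "$WORK/site.crt" 2>/dev/null
}

# Step 4 (client): verify the CA's signature on the certificate AND that the name
# in it is the host we intended to reach. Either check failing means no trust.
client_trusts_cert() {
    openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$1" \
        "$WORK/site.crt" >/dev/null 2>&1
}

# The server signs a message with its private key (constructed sample message).
server_signs_message() {
    printf 'hello from %s\n' "$SITE" > "$WORK/msg.txt"
    openssl dgst -sha256 -sign "$WORK/site.key" -out "$WORK/msg.sig" "$WORK/msg.txt"
    printf 'hello from somebody else\n' > "$WORK/tampered.txt"
}

# Step 5 (client): extract PK1 from the certificate and verify the signature.
# A message altered in transit no longer verifies under PK1.
message_is_from_site() {
    openssl x509 -in "$WORK/site.crt" -pubkey -noout > "$WORK/pk1.pem"
    openssl dgst -sha256 -verify "$WORK/pk1.pem" \
        -signature "$WORK/msg.sig" "$1" >/dev/null 2>&1
}

# The "unknown CA" case from the post: the same, perfectly valid certificate is
# rejected when checked against a root the client happens to hold instead.
unknown_ca_is_rejected() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
        -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
    if openssl verify -CAfile "$WORK/other.crt" "$WORK/site.crt" >/dev/null 2>&1; then
        return 1   # a stranger's root must never vouch for PK1
    fi
}

# Fix for a Java client: import the CA root (never the server's private key) into
# the application's JKS truststore. Skipped if keytool is not installed.
import_root_into_jks() {
    command -v keytool >/dev/null 2>&1 || return 0
    keytool -importcert -noprompt -trustcacerts -alias example-root \
        -file "$WORK/ca.crt" -keystore "$WORK/truststore.jks" \
        -storepass changeit >/dev/null 2>&1
}

# Helper: succeed only when the given command fails (for the negative checks).
expect_fail() {
    if "$@"; then return 1; fi
}

run_demo() {
    make_ca && make_site_csr && sign_site_cert && server_signs_message
    client_trusts_cert "$SITE"                        || return 1
    expect_fail client_trusts_cert www.example.com    || return 1   # wrong host name
    message_is_from_site "$WORK/msg.txt"              || return 1
    expect_fail message_is_from_site "$WORK/tampered.txt" || return 1
    unknown_ca_is_rejected                            || return 1
    import_root_into_jks
    echo "PKI demo OK (files in $WORK)"
}
```

Run it with `sh pki_demo.sh; run_demo` or call `run_demo` at the end of the file. The two negative checks are the important ones: a certificate is only useful when both the signature chain and the host name match, and importing a root into a trust store is what turns the "unknown CA" failure into success for every certificate that root signs.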


About The Author

Has been a senior software developer and project manager for 10+ years. Dedicates himself to delivering software solutions for Alcatel-Lucent and China Telecom.
