Home All Groups Group Topic Archive Search About

root CA and cert validation / communication??

microsoft.public.inetserver.iis.security
Author
7 Dec 2006 10:15 PM
jacob600
I need to understand the basics of using CA root certs on the browser and
what happens in the background to validate the cert.

1) If the browswer has say, for example, the public key for Verisign or
Microsoft.com (root CA) then when I hit a site that has been issued a key
from say, Verisign, will the browser need to go out and still validate that
the cert is valid by quering Verisign or does it do this by looking its local
Verisgn public key?

2) I have seen, or so I thought, instances where the client or server even in
server-to-server communication attempt to go out and validate the cert being
presented to it. When would it go out and validate the cert with the root CA
and when would it NOT?

Any information would be highly appreciated including any good links.

Thank you,

Author
8 Dec 2006 7:07 AM
Bernard Cheah [MVP]
Read
Description of the Server Authentication Process During the SSL Handshake
http://support.microsoft.com/?id=257587

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


Show quoteHide quote
"jacob600" <jacob***@discussions.microsoft.com> wrote in message
news:CCC40A18-F886-4EC0-B3B5-6ABBD442FE6C@microsoft.com...
>I need to understand the basics of using CA root certs on the browser and
> what happens in the background to validate the cert.
>
> 1) If the browswer has say, for example, the public key for Verisign or
> Microsoft.com (root CA) then when I hit a site that has been issued a key
> from say, Verisign, will the browser need to go out and still validate
> that
> the cert is valid by quering Verisign or does it do this by looking its
> local
> Verisgn public key?
>
> 2) I have seen, or so I thought, instances where the client or server even
> in
> server-to-server communication attempt to go out and validate the cert
> being
> presented to it. When would it go out and validate the cert with the root
> CA
> and when would it NOT?
>
> Any information would be highly appreciated including any good links.
>
> Thank you,



Post Other interesting topics
Win2K3, IIS6, and IE6 - Can't get IWA/NTLM to work
MS IIS Setting: HTTP Failed To Connect if Using Machine Name
Diff behavior for "Integrated windows authentication" in IIS6 Vs I
notepad will not save .config file in iis7
RPC over HTTPS for Exchange
IIS Security and files upload/create
"Certificate does not have a private key"
Multiple SSL - Same Server - Same Port/IP
Multiple SSL sites served from a single content path
IWA connect to fileserver