APPENDIX
4
APPENDIX 4 – Browser Certificates
You shouldn't overestimate the I.Q. of crooks
— NYT: Stuart A. Baker, General Counsel for the NSA
There is no security on this earth. Only opportunity. – Douglas MacArthur
Certificates
Certificates are means for authenticating the validity of sites, servers or other devices user
can connect to for services. These include web servers, print servers, data services and more.
Normally, users encounter the certificates when they sign on to web services.
One of the common methods of compromising the security is to create phishing sites.
Phishing sites look like the real web site and extract information from a valid user which
them compromises the security of the user (typically impersonating the individual to access
information or money or other services faking their identity). This is commonly used to
compromise security (and hence the quotes at the beginning of this appendix….)
Many devices as well as web sites, today use secure methods to communicate via the web.
Once secure web communications are required, the browsers look at the certificate and
match the URL information to the certificate information. If the information does not
match, the browser flags the site as a compromised site.
Certificates allow a user accessing a web site to authenticate whether they are in fact on the
proper web site. To do that, there are Certificate Authorities who validate the authenticity of
the site and can issue a public certificate. This process usually costs money and time in
validation etc.
Many devices use self signed certificates. Self signed certificates allow a vendor to insert in a
“signature” to identify their device and other parameters. Many times, the user accessing the
device will find that the device they are accessing and the self signed certificate do not
match. The browser will typically catch that and will warn a user about accessing the site.
The rest of the sections below will describe how to use the browsers with GarrettCom self
signed certificates.
328