About Authentication Certificates

A certificate is a digital file containing identifying information about, for example, a web server, email server, enterprise, department or individual. It also includes one or more digital signatures used to authenticate the information as being accurate. Because certificates are very difficult to falsify, they are useful when establishing secure email and webmail communications.

MDaemon email server uses certificates to help secure trusted SSL communications with email clients, other servers, or both.

Authentication certificates are only as trustworthy as the company or individual applying the digital signature. Individuals and organizations can make and digitally sign their own certificates, which is perfectly legitimate and an industry practice for email servers. This is especially appropriate when the majority of people know the person or organization and trust them to be honest. Self-signed certificates are common in email applications. Some third-party companies specialize in verifying and signing authentication certificates. Any third party doing this sort of work is known as a certificate authority or CA. Within MDaemon, your organization can be its own CA.

Certificates are similar to fingerprints -- they provide positive identification, cannot be transferred and are difficult to forge. They give remote users assurance that users or computers are who they say they are.

Both clients and servers can have certificates. When a server sends its certificate to a client, the process is called server authentication. When a client sends a certificate to a server, the process is called client authentication.

The information in a certificate includes the:

[Figure: Authentication Certificate Content]

The digital signature, used for authenticating the data and assuring its integrity, is created with the private key of the certificate authority or self-signing entity. It also includes a “hash” -- a long number summarizing the content -- to ensure the integrity of the certificate.

While certificates cannot prove beyond doubt the identity of people or computers, they indicate that some certificate authority has some degree of trust in the person or computer. If you trust the certificate authority who issued the certificate -- including those who self-sign their certificates -- you have some degree of confidence when you exchange information with a certificate holder.
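The following shell script is an added example, not part of the MDaemon documentation. It uses the OpenSSL command-line tool to show what self-signing and trusting an issuer mean in practice: a self-signed certificate names itself as issuer, and it verifies only when the verifier has explicitly chosen to trust it. The host names and file paths are constructed for the example.

```shell
#!/bin/sh
# Added example; host names and paths below are constructed, not from MDaemon.

# Create a throwaway self-signed certificate: $1 = output dir, $2 = common name.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Verify certificate $1 with the certificate in $2 supplied as a trusted issuer.
verify_with_anchor() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# A certificate is self-signed when subject and issuer are the same name
# and its signature verifies with its own public key.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    [ "$subject" = "$issuer" ] && verify_with_anchor "$1" "$1"
}

# SHA-256 fingerprint: the hash a user can compare out-of-band before
# deciding to trust a self-signed certificate.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo() {
    dir=$(mktemp -d) && mkdir "$dir/a" "$dir/b" || return 1
    make_self_signed "$dir/a" "mail.example.test"
    make_self_signed "$dir/b" "other.example.test"
    is_self_signed "$dir/a/cert.pem" && echo "a: subject == issuer (self-signed)"
    verify_with_anchor "$dir/a/cert.pem" "$dir/a/cert.pem" \
        && echo "a: accepted when a itself is trusted"
    verify_with_anchor "$dir/a/cert.pem" "$dir/b/cert.pem" \
        || echo "a: rejected when only b is trusted"
    echo "a: fingerprint $(fingerprint "$dir/a/cert.pem")"
    rm -rf "$dir"
}
demo
```

The rejection in the third check is the same condition that makes a mail client warn about an unknown self-signed server certificate until the user or administrator adds it as trusted.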
