DVS Clipster User's Guide download pdf (Page 106)

6-18

Miscellaneous

Figure 6-9: Certificate chain validation

In a public-key certificate no certificate chain is stored. So, in order to

validate a leaf certificate at the end of a certificate chain, the complete

chain up to the root certificate has to be available.

The maximum path depth from root to leaf that is allowed in a certifi-

cate hierarchy is a property of the root certificate. During the creation

of the root it has to be set and it will be inherited correspondingly to the

lower ranks. Within this path depth certificates can be created from root

and intermediate certificates.

When setting up a certificate hierarchy take care that only trusted users

receive certificates (i.e. the private key of these certificates). This applies

especially to intermediate certificates that can be used to create other

certificates.

6.6.6 Validating Certificates

As useful as the concept of certificates may seem, it fails when the val-

idating certificate itself is a forgery. Thus the remaining question is, how

can a receiver be sure about the origin of the signed files.

If the certificate was issued by a certificate authority, you can validate

the certificate either via a public certificate repository, i.e. a database of

issued certificates that is maintained by the CA, or by contacting the CA

directly.

When dealing with a self-signed certificate, there is only one way: You

should have received a duplicate of the respective public-key certificate

1 2 ... 101 102 103 104 105 106 107 108 109 110 111 112 113

No comments

DVS Clipster User's Guide Page 106