| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| Why do IBM call a Signer Certificate a "CA" certif |
« View previous topic :: View next topic » |
| Author |
Message
|
| mqjeff |
 Posted: Tue Jun 28, 2011 11:43 am Post subject: |
 |
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| exerk's statement is a simplified picture. It's not incorrect at some level, but it's not accurate at a technical level. |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Tue Jun 28, 2011 12:34 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
You need to read about SSL in one of the many online or books devoted to explaining what SSL is, and what it does.
Briefly, very briefly, a certificate is used to authenticate. If issued by a true CA in-the-sky (VeriSign, others), the authentication can be more global, and more trusted. Why? This where the reading comes in.
A self-signed certificate can be used to authenticate, but has limitations similar to me printing near-perfect US currency on my pc, namely: it lacks global authenticity.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Jun 28, 2011 12:39 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| sjclark1 wrote: |
In general I get the principals being discussed here, but some doubts remain -- for example are the two statements below not contradictory?
| exerk wrote: |
A self-signed certificate is its own "CA".
|
| mqjeff wrote: |
When you create a self-signed certificate, you are not creating a CA-signed certificate where the CA happens to also be you.
|
|
Well it all depends. If you look at it from an organizational point, or if you look at it from a certificate chain view point... and even there, there would be some subtle differences... When you use self signed certs, it is more like CA's exchanging their public certs with one another... When you use a CA signed cert, you use a cert at least one level below the CA cert ... That means that the CA needs to sign your cert using their secret (ca) key, and for the chain to be complete you need your public cert and the ca's public cert....
I hope I did not add more complexity to your understanding...
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
