Using Certificates

A certificate is the digital equivalent of an ID card. Just as you may have several ID cards for different purposes, such as a driver's license, an employee ID card, or a credit card, you can have several different certificates that identify you for different purposes.

This section describes how to use the Certificate Manager to work with the certificates you have on file. To open the Certificate Manager, follow these steps:

  1. Open the Edit menu and choose Preferences.
  2. Click Privacy and Security.
  3. Click Manage Certificates.

When you are using Certificate Manager windows, you can obtain more detailed instructions by clicking the Help button in the lower-right corner of each window.

In this section:

Get Your Own Certificate

Check Security for a Web Page

Manage Certificates

Manage Smart Cards and Other Security Devices

View or Change SSL Settings

View or Change Certificate Validation Settings

 

Get Your Own Certificate

Much like a credit card or a driver's license, a certificate is a form of identification you can use to identify yourself over the Internet and other networks. Like other commonly used personal IDs, a certificate is typically issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA).

You can obtain certificates that identify you from public CAs, from system administrators or special CAs within your organization, or from web sites offering specialized services that require a means of identification more reliable that your name and password.

Just as the requirements for a driver's license vary depending on the type of vehicle you want to drive, the requirements for obtaining a certificate vary depending on what you want to use it for. In some cases getting a certificate may be as easy as going to a web site, entering some personal information, and automatically downloading the certificate into your browser. In other cases you may have to go through several steps.

You can obtain a certificate today by visiting the URL for a certificate authority and following the on-screen instructions. For a list of certificate authorities, see the online document Client Certificates.

Once you obtain a certificate, it is automatically stored in a security device. Your browser comes with its own built-in software security device. A security device can also be a piece of hardware, such as a smart card.

Like a driver's license or a credit card, a certificate is a valuable form of identification that can be abused if it falls into the wrong hands. Once you've obtained a certificate that identifies you, you should protect it in two ways: by backing it up and by setting your master password.

When you first obtain a certificate, you may be prompted to back it up. If you haven't yet created a master password, you will be asked to create one.

For detailed information about backing up a certificate and setting your master password, see My Certificates.

Return to beginning of Using Certificates section ]

 

Check Security for a Web Page

[describes the lock icon and how to open Page Info for a given web page.]

Return to beginning of Using Certificates section ]

 

Manage Certificates

You can use the Certificate Manager to manage the certificates you have available. Certificates may be stored on your computer's hard disk or on smart cards or other security devices attached to your computer.

To open the Certificate Manager, follow these steps:

  1. Open the Edit menu and choose Preferences.
  2. Click Privacy/Security.
  3. Click Manage Certificates.

The sections that follow describe some of the tasks you can use the Certificate Manager to perform. For more detailed instructions about using any Certificate Manager window, click the Help button for that window.

Manage Certificates that Identify You
Manage Certificates that Identify Web Sites
Manage Certificates that Identify Certificate Authorities

 

Manage Certificates that Identify You

When you first open the Certificate Manager, you'll notice that it has several tabs across the top of its window. The first tab is called My Certificates, and it displays the certificates your browser has on file that identify you. Your certificates are listed under the names of the organizations that issued them.

To perform an action on one or more certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Backup, or Delete button. Each of these buttons brings up another window that allows you to perform the action. Click the Help button in any window to obtain more information about using that window.

The other buttons in the My Certificates tab don't require you to select a certificate first. You can use them to perform these actions:

For more details about any of these tasks, click the Help button in any Certificate Manager window or see My Certificates.

Return to beginning of Using Certificates section ]

 

Manage Certificates that Identify Web Sites

Some web sites use certificates to identify themselves. Such identification is required before the web site can encrypt information transferred between the site and your computer (or vice versa), so that nobody can read the data while in transit.

If the URL for a web site begins with https://, the web site has a certificate. If you visit such a web site and its certificate was issued by a CA that your browser doesn't know about or doesn't trust, you will be asked whether you want to accept web site's certificate. When you accept a new web site certificate, the Certificate Manager adds it to its list of web site certificates.

To view all the web site certificates available to your browser, click the tab labeled Web Site Certificates at the top of the Certificate Manager window.

To perform an action on one or more web site certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Edit, or Delete button. Each of these buttons brings up another window that allows you to perform the corresonding action. Click the Help button in any window to obtain more information about using that window.

The Edit button allows you to specify whether your browser will trust the selected web site certificates in the future.

For more details, click the Help button in any Certificate Manager window or see Web Site Certificates.

Return to beginning of Using Certificates section ]

 

Manage Certificates that Identify Certificate Authorities

Like other commonly used forms of ID, a certificate is issued by an organization with recognized authority to issue such identification. An organization that issues certificates is called a certificate authority (CA). A certificate that identifies a CA is called a CA certificate.

Certificate Manager typically has many CA certificates on file. These CA certificates permit Certificate Manager to recognize and work with certificates issued by the corresponding CAs. However, the presence of a CA certificate in this list does not guarantee that the certificates it issues can be trusted. You or your system administrator must make decisions about what kinds of certificates to trust depending on your security needs.

To view all the CA certificates available to your browser, click the tab labeled Web Site Certificates at the top of the Certificate Manager window.

To perform an action on one or more CA certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Edit, or Delete button. Each of these buttons brings up another window that allows you to perform the action. Click the Help button in any window to obtain more information about using that window.

The Edit button allows you to view and control the trust settings for each certificate. Trust settings for a CA certificate let you to specify which kinds of certificates issued by that CA you are willing to trust.

For more details, click the Help button in any Certificate Manager window or see CA Certificates.

Return to beginning of Using Certificates section ]

 

Manage Smart Cards and Other Security Devices

[Describes how to open the Cert Manager to the fifth tab and how to add, delete, log into, or log out of security modules and devices.]

Return to beginning of Using Certificates section ]

 

View or Change SSL Settings

The Secure Sockets Layer (SSL) protocol allows your computer to exchange information with web site computers in encrypted form--that is, the information is scrambled while in transit so that nobody else can make sense of it. SSL is also used to identify computers on the Internet by means of certificates.

Transport Layer Security (TLS) is a new standard based on SSL. By default, the browser supports both SSL and TLS. This approach works for most people, because it guarantees that the browser will work with virtually all other existing software on the Internet that supports any version of SSL or TLS. However, in some circumstances system administrators or other knowledgeable persons may wish to adjust the SSL settings to fine-tune them for special security needs or to account for bugs in some older software products.

You shouldn't adust the SSL settings for your browser unless you know what you're doing or have the assistance of someone else who does. If you do need to adjust them for some reason, follow these steps:

  1. Open the Edit menu and choose Preferences.
  2. Under the Privacy and Security category, select SSL. (If no options are visible under Privacy and Security, click its triangle to expand the list.)

For more details, click the Help button in the SSL Settings panel or see SSL Settings.

Return to beginning of Using Certificates section ]

 

View or Change Validation Settings

[Describes how use Validation Preferences.]

Return to beginning of Using Certificates section ]


5/9/2001

Copyright © 1994-2001 Netscape Communications Corporation.