Digital Certificates
Digital certificates
are used to establish strong security in an information system. Digital
certificates provide four services to the user. They include integrity
validation, strong authentication, nonrepudiation (these three together
make up a digital signature), and confidentiality.
Note
A Note About Digital Certificates
Digital certificates are based on the International Organization for
Standardization’s (ISO’s) X.509 standard and are the vehicle used to
commute or relay trust in any Public Key Infrastructure (PKI)
environment. Digital certificates add the element of trust to the
functionality of asymmetric key cryptography.
When you visit a website that
uses HTTPS (HTTP over Secure Sockets Layer—SSL), the first thing the web
server does is send you its digital certificate. Your browser validates
several components of the certificate, and if all checks out, you use
the certificate to establish the encrypted SSL channel. Several of these
validation checks can be configured on the Advanced tab of Internet
Options. A relatively common
certificate error occurs when the name on the certificate does not match
the name of the web server you are attempting to connect to, as shown
in Figure 9.
Another
validation check that is performed is to see if you trust the
Certificate Authority (CA) that issued the certificate. If you don’t
trust the issuing CA of the certificate, a certificate warning is
presented that allows you to view the problematic certificate, stop your
connection attempt, or proceed.
Exam Alert
There
is usually another check box labeled Always Trust Content From on the
warning that allows you to trust content from the currently untrusted
website. This option actually imports the certificate into a special
certificate store called the Trusted Root Certification Authorities. So
if you don’t want to see this warning from this site again, import the
certificate into the Trusted Root Certification Authorities store. You
can access this store from the Content tab of the Internet Options by
clicking the Certificates button, as shown in Figure 10.
Alert
From
the Content tab of the Internet Options, you can import the website’s
digital certificate into the Trusted Root Certification Authorities
store. IE caches the certificate status when it first receives the
certificate from the website.
If
you want to ensure that you do not receive the warning again after you
complete the import, you need to close and then reopen Internet
Explorer. Now when you access the HTTPS website, IE checks the status of
the certificate and recognizes that the source of the certificate is
trusted. No more warnings.
Clear the Browsing History, Cached Content, Cookies, Forms Data, and Saved Passwords
To improve
performance and make your browsing experience easier and more feature
rich, IE7 stores lots of data about your browsing activities. If you
share the computer, or if the computer gets infected with malware or,
even worse, is compromised by the bad guys, this information might wind
up in undesirable hands. To protect against this happening, you might
want to regularly purge your system of this data. IE7 makes this an easy
thing to do.
Caution
Deleting Cached Content
When you delete this content, you lose potentially useful information
that simplifies your getting around the Internet and information that
gets automatically fed to websites. This information could include
websites that you visit regularly, username, password, credit card
information, forms data, and more.
Deleting this content
could be problematic for some users. You may need to re-enter that
information the next time you visit the website, assuming you know the
information.
Understand the type of stored
data you use in your browsing habits and requirements, and then decide
whether you really want to delete this data.
On the General tab of Internet Options, under Browsing history, click the Delete button. This brings up the Delete Browsing History dialog box, as shown in Figure 11.
