CA:FAQ: Difference between revisions

5 bytes removed ,  25 August 2011
m
Line 42: Line 42:
Mozilla as distributed includes various CA certificates by default, in order to reduce the amount of configuration users have to do before they can use Mozilla for these cryptographic-based functions.
Mozilla as distributed includes various CA certificates by default, in order to reduce the amount of configuration users have to do before they can use Mozilla for these cryptographic-based functions.


As discussed in the answer to the previous question, in order to verify a certificate for a web server, email user, or code developer, Mozilla must thus have the certificate for the CA that issued (i.e., digitally signed) the certificate being verified. If the CA is an intermediate CA then Mozilla must also have the certificate for the CA that issued the intermediate CA's certificate, in order to verify that certificate as well. This other CA may be a root CA or yet another intermediate CA; in the latter case yet another CA will be involved, and so on.
As discussed in the answer to the previous question, in order to verify a certificate for a web server, email user, or code developer, Mozilla must have the certificate for the CA that issued (i.e., digitally signed) the certificate being verified. If the CA is an intermediate CA then Mozilla must also have the certificate for the CA that issued the intermediate CA's certificate, in order to verify that certificate as well. This other CA may be a root CA or yet another intermediate CA; in the latter case yet another CA will be involved, and so on.


Mozilla continues verifying certificates until it comes to a point where it needs a root CA certificate, corresponding to the root CA that issued the original web server, etc., certificate or that issued an intermediate CA's certificate. Since root CA certificates are self-signed, Mozilla can verify such a certificate using the public key in the root CA certificate itself, and if that verification completes successfully then the process is done.
Mozilla continues verifying certificates until it comes to a point where it needs a root CA certificate, corresponding to the root CA that issued the original web server, etc., certificate or that issued an intermediate CA's certificate. Since root CA certificates are self-signed, Mozilla can verify such a certificate using the public key in the root CA certificate itself, and if that verification completes successfully then the process is done.
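
Review bot: the unchanged last paragraph of this hunk ("Since root CA certificates are self-signed, ... then the process is done") reads as if a successful self-signature check is what ends verification with a trusted result, but a self-signature only shows the certificate is internally consistent, since anyone can create a self-signed certificate. The first paragraph already says Mozilla ships CA certificates by default, so this paragraph should state that the root CA certificate reached must be one of those included certificates, or one the user has otherwise chosen to trust. Removing "thus" from the second paragraph is fine as a minor edit; the same pass could also untangle "the root CA that issued the original web server, etc., certificate" in the last paragraph, which is hard to parse.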