Hi, On 06/05/06, Severin Crisp <[EMAIL PROTECTED]> wrote:
Buying from a secure site with Safari I got the message that the site was not recognised because it had not renewed its security certificate. How do these work?
Computers need some way of establishing 'trust" between a client and a server. For this purpose, web browsers or operating systems come pre-loaded with certificates of "trusted certificate authorities". (These are not the website certificates.) Individual websites then apply to a trusted certificate authority to have a site certificate issued. After verification of bona fides, a password-protected site certificate is issued. When you visit a site with a site certificate from a trusted certificate authority, the computer infers that the certificate (and hence the website) can be trusted. The site certificate therefore does its best to give you two things: confirms that you are connecting to the real site (not a phishing site), and that the transmission is encrypted. Certificates remain valid for a limited amount of time (probably 12 months), after which they expire and, if trust can still be demonstrated, can be renewed. The trusted certificate authorities also have a limited lifetime, but get upgraded at the same time as your software. An expired certificate is perhaps not as bad as a certificate from a non-trusted authority. However, an expired certificate may have been stolen or re-appropriated (albeit unlikely). If you wish to view the certificate authorities that Safari trusts, go to Keychain Access and open X509Anchors (X.509 is the certificate standard). James.