About Question enthuware.jwpv6.2.990 :

Moderator: admin

Ciprian Mihalache
Posts: 51
Joined: Wed Sep 28, 2011 12:14 pm

About Question enthuware.jwpv6.2.990 :

Post by Ciprian Mihalache »

I am not convinced that the second option is entirely true. The first option was marked as incorrect because of the "html" word. But the second option uses "official source", which is not mandatory.
Why couldn't self-signed certificates be used in CLIENT-CERT authentication? (On page 595 of the OCEJWCD Study Companion, this is presented as a possibility for internal networks and intranets.)

admin
Site Admin
Posts: 10384
Joined: Fri Sep 10, 2010 9:26 pm

Re: About Question enthuware.jwpv6.2.990 :

Post by admin »

A user can't use a certificate signed by himself. It has to be signed by the "official" CA for that network, i.e. whoever is recognized for that network. By official, it means it can be a CA local to the network or company, or it can be a global CA such as VeriSign.

If a user were able to use a self-signed certificate, wouldn't that defeat the whole purpose of verification? I can sign my own certificate, but that has no validity because I can claim to be whoever I want to be and sign it as well.

HTH,
Paul.

Ciprian Mihalache
Posts: 51
Joined: Wed Sep 28, 2011 12:14 pm

Re: About Question enthuware.jwpv6.2.990 :

Post by Ciprian Mihalache »

I'm still not convinced.
I can create a certificate using the "keytool" Java utility. Then put the Public Key Certificate (PKC) on the server. Then, whenever I come to the server, it will compare my declared PKC with the copy it already has. I'm not sure somebody else is able to provide the same PKC and still be able to communicate with the server (because a private key is involved somewhere in the encryption of the message). This is the procedure explained in the OCEJWCD Study Companion, and no third-party actor is involved anywhere.
Of course, if the possibility of making the server store my own PKC makes me an "official", then, of course, the answer is correct.

admin
Site Admin
Posts: 10384
Joined: Fri Sep 10, 2010 9:26 pm

Re: About Question enthuware.jwpv6.2.990 :

Post by admin »

Not any random user can put his PKC on your server. You are able to put it because you are the owner/administrator. But the issue pertains to the users of your server/application, not you.
Ciprian Mihalache wrote: Of course, if the possibility to make the server store my own PKC makes me an "official", then, of course, the answer is correct.
Yes, since it is on your authority that the server recognizes its users, you are the official source. The users would have to get their certificates signed by you to be able to access your server. You act as the official CA for the server.

HTH,
Paul.
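The trust model Paul describes in both replies, shown as an added example that is not part of this thread, the Enthuware question, or the OCEJWCD Study Companion. It is written in Go rather than Java only because Go's standard library can both issue and validate X.509 certificates offline in a single file (Java's standard library validates but does not issue certificates without keytool or a third-party library). The server's truststore holds one certificate, a local "Intranet Admin CA" created by the administrator (a constructed name); a user certificate signed by that CA passes the CLIENT-CERT check, while a certificate a user signed himself, even with the same subject name, is rejected because it chains to no recognized authority. The subject names and validity periods are constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert issues a certificate for subject. When issuerCert is nil the
// certificate is self-signed; otherwise it is signed by issuerKey, the
// private key belonging to issuerCert. isCA marks the certificate as a CA.
func makeCert(subject string, isCA bool, issuerCert *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: subject}, // constructed subject
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		// Leaf certificates are restricted to client authentication.
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	parent, signer := tmpl, key // self-signed unless an issuer is given
	if issuerCert != nil {
		parent, signer = issuerCert, issuerKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// serverAccepts models the server side of CLIENT-CERT authentication: the
// presented certificate must chain to a CA in the server's truststore and be
// usable for client authentication. Nothing about the subject name alone is
// trusted.
func serverAccepts(truststore *x509.CertPool, clientCert *x509.Certificate) bool {
	_, err := clientCert.Verify(x509.VerifyOptions{
		Roots:     truststore,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil
}

// Scenario builds the administrator's CA, a CA-signed user certificate and a
// self-signed certificate claiming the same user name, and reports whether
// the server accepts each: (caSignedAccepted, selfSignedAccepted, err).
func Scenario() (bool, bool, error) {
	// The administrator's local CA is the "official source" for this server.
	caCert, caKey, err := makeCert("Intranet Admin CA", true, nil, nil)
	if err != nil {
		return false, false, err
	}
	truststore := x509.NewCertPool()
	truststore.AddCert(caCert)

	// A user whose certificate the administrator's CA signed.
	userCert, _, err := makeCert("alice", false, caCert, caKey)
	if err != nil {
		return false, false, err
	}
	// Someone who signed his own certificate and simply claims to be "alice".
	rogueCert, _, err := makeCert("alice", false, nil, nil)
	if err != nil {
		return false, false, err
	}
	return serverAccepts(truststore, userCert), serverAccepts(truststore, rogueCert), nil
}

func main() {
	caSigned, selfSigned, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("CA-signed user certificate accepted:  %v\n", caSigned)   // true
	fmt.Printf("self-signed user certificate accepted: %v\n", selfSigned) // false
}
```

The point the example makes concrete: the server never compares a bare public key it "already has" per user; it checks that a recognized CA vouched for the certificate. The administrator who controls the truststore is that CA, which is why a self-signed certificate created by the administrator can work on an intranet while a self-signed certificate created by an arbitrary user cannot.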
