Security Dictionary
certificate validation
(I) An act or process by which a certificate user establishes that
the assertions made by a digital certificate can be trusted. (See:
valid certificate, validate vs. verify.)
(O) "The process of ensuring that a certificate is valid including
possibly the construction and processing of a certification path,
and ensuring that all certificates in that path have not expired
or been revoked." [FPDAM]
(C) To validate a certificate, a certificate user checks that the
certificate is properly formed and signed and currently in force:
- Checks the signature: Employs the issuer's public key to verify
the digital signature of the CA who issued the certificate in
question. If the verifier obtains the issuer's public key from
the issuer's own public-key certificate, that certificate
should be validated, too. That validation may lead to yet
another certificate to be validated, and so on. Thus, in
general, certificate validation involves discovering and
validating a certification path.
- Checks the syntax and semantics: Parses the certificate's
syntax and interprets its semantics, applying rules specified
for and by its data fields, such as for critical extensions in
an X.509 certificate.
- Checks currency and revocation: Verifies that the certificate
is currently in force by checking that the current date and
time are within the validity period (if that is specified in
the certificate) and that the certificate is not listed on a
CRL or otherwise announced as invalid. (CRLs themselves require
a similar validation process.)
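The checks listed under (C), carried out end to end, as an added example in Go that is not part of the dictionary entry or of RFC 4949. Everything it validates is constructed in-process for illustration: a self-signed root CA, a leaf certificate issued by it, and a CRL signed by the same CA (the names buildPKI, validateCertificate, testPKI and the sentinel errors are hypothetical). The standard library's crypto/x509 Verify discovers the certification path to the trust anchor and checks each signature, validity period and constraint along it, which covers the first bullet; the currency and critical-extension checks are made explicitly so that each failure mode is distinguishable; and, as the last bullet requires, the CRL is validated itself (issuer match, signature, thisUpdate/nextUpdate window) before the leaf's serial is looked up in it.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Sentinel errors so a caller can tell which of the checks failed.
var (
	ErrNotInForce = errors.New("certificate is outside its validity period")
	ErrRevoked    = errors.New("certificate is listed on the issuer's CRL")
	ErrCRLInvalid = errors.New("CRL failed its own validation")
)

// testPKI is a constructed hierarchy with throw-away keys; nothing is fetched from a network.
type testPKI struct {
	Root   *x509.Certificate
	Leaf   *x509.Certificate
	CRLDER []byte
}

// buildPKI creates a self-signed root, a leaf signed by it, and a CRL signed by the
// root that lists the leaf when revokeLeaf is true. Fixture errors are fatal.
func buildPKI(now time.Time, revokeLeaf bool) *testPKI {
	check := func(err error) {
		if err != nil {
			panic(err)
		}
	}
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Test Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRL signing must be permitted
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	check(err)
	root, err := x509.ParseCertificate(caDER)
	check(err)

	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: "service.example.test"},
		DNSNames:     []string{"service.example.test"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(2 * time.Hour), // short-lived so the expired case is easy to reach
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, caKey)
	check(err)
	leaf, err := x509.ParseCertificate(leafDER)
	check(err)

	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: now.Add(-time.Minute),
		NextUpdate: now.Add(time.Hour), // after this the CRL is stale and must not be relied on
	}
	if revokeLeaf {
		crlTmpl.RevokedCertificateEntries = []x509.RevocationListEntry{
			{SerialNumber: leaf.SerialNumber, RevocationTime: now.Add(-time.Minute)},
		}
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, crlTmpl, root, caKey)
	check(err)
	return &testPKI{Root: root, Leaf: leaf, CRLDER: crlDER}
}

// validateCertificate applies the checks from sense (C): currency, syntax/semantics
// (no unhandled critical extensions), signature over a certification path to a
// trust anchor in roots, and revocation against a CRL that is validated first.
// On success it returns the path, leaf first and trust anchor last.
func validateCertificate(leaf *x509.Certificate, roots *x509.CertPool, crlDER []byte, now time.Time) ([]*x509.Certificate, error) {
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return nil, fmt.Errorf("%w (%s to %s)", ErrNotInForce,
			leaf.NotBefore.Format(time.RFC3339), leaf.NotAfter.Format(time.RFC3339))
	}
	if len(leaf.UnhandledCriticalExtensions) > 0 { // a critical extension we cannot interpret fails closed
		return nil, fmt.Errorf("critical extensions not understood: %v", leaf.UnhandledCriticalExtensions)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	if err != nil { // path discovery, signatures, validity and constraints of every certificate in the path
		return nil, fmt.Errorf("certification path: %w", err)
	}
	path := chains[0]
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrCRLInvalid, err)
	}
	if !bytes.Equal(crl.RawIssuer, leaf.RawIssuer) {
		return nil, fmt.Errorf("%w: CRL issuer does not match certificate issuer", ErrCRLInvalid)
	}
	if err := crl.CheckSignatureFrom(path[1]); err != nil { // path[1] is the leaf's issuer
		return nil, fmt.Errorf("%w: %v", ErrCRLInvalid, err)
	}
	if now.Before(crl.ThisUpdate) || (!crl.NextUpdate.IsZero() && now.After(crl.NextUpdate)) {
		return nil, fmt.Errorf("%w: CRL is not current", ErrCRLInvalid)
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return nil, fmt.Errorf("%w (serial %s, revoked %s)", ErrRevoked, leaf.SerialNumber, e.RevocationTime.Format(time.RFC3339))
		}
	}
	return path, nil
}

func main() {
	now := time.Now()
	good := buildPKI(now, false)
	roots := x509.NewCertPool()
	roots.AddCert(good.Root)
	path, err := validateCertificate(good.Leaf, roots, good.CRLDER, now)
	fmt.Println("good leaf: path length", len(path), "err:", err)
	revoked := buildPKI(now, true)
	roots = x509.NewCertPool()
	roots.AddCert(revoked.Root)
	_, err = validateCertificate(revoked.Leaf, roots, revoked.CRLDER, now)
	fmt.Println("revoked leaf:", err)
}
```

The order of the checks matters in practice: the CRL is only consulted after the path has been verified, because the CRL's own signature is checked with the issuer's key taken from that path, and a CRL past its nextUpdate is rejected rather than treated as "nothing revoked".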