There are four types of certificates available from the IECA/ECAs: identity, encryption, component, and mobile code certificates. To enable subscribers to understand the type of certificate they need for the application they are using, the following guidelines may be helpful.

Identity certificate: A certificate that a person uses to authenticate himself or herself to a PKI-enabled application, such as a secure web server. Identity certificates may be used for non-repudiation purposes, i.e., transactions that have been signed by an identity certificate may be legally linked to the owner of that certificate. The certificate may also be used for secure and authenticated email. For that reason, it is important that the owner of an identity certificate protect his or her private key, and not allow others to access or use it. Subscribers that require a higher level of assurance may wish to purchase a hardware-based certificate.

Encryption certificate: A certificate that may be used for encrypting e-mail. When encrypting e-mail messages, the sender uses the certificate of the recipient(s), and the recipient decrypts the message using his or her private key.

Component certificate*: A certificate that a computer on a network, usually a web server, uses to identify itself to other computers. It also includes the public key, which is required in order for web browsers to set up a secure encrypted connection with the server. Any web server that offers secure connections (https, SSL, or TLS) must have a server certificate.

*Note: Most IECA/ECA Subscribers will only require IECA/ECA Identity certificates for use with their browsers. However, some organizations may need an IECA/ECA Server Certificate, e.g. to set up a company extranet that DoD personnel would visit. To determine whether you require an IECA/ECA Server certificate, refer to the following document: “IECA Server Certificates: Guidance for Issuing Server Certificates to DoD Vendors, dated March 2001”.

Mobile Code certificate: A certificate used to sign mobile code that resides on a web server and is downloaded from that server by users. Users can validate the certificate used to sign the mobile code and determine whether to trust it.
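
In an issued X.509 certificate, the four types described above typically show up as different keyUsage and extendedKeyUsage extension values (RFC 5280). The Python below is an added example, not part of the original guidance or of any IECA/ECA tooling: it decodes those two extensions from DER and maps them to the four types. The mapping rules in `classify`, all function names, and the sample bytes are assumptions made for illustration; the authoritative bit assignments are in the vendor's certificate profile.

```python
KU_BITS = "digitalSignature nonRepudiation keyEncipherment dataEncipherment keyAgreement".split()
EKU_OIDS = {"1.3.6.1.5.5.7.3.1": "serverAuth", "1.3.6.1.5.5.7.3.3": "codeSigning"}

def decode_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING that carries the RFC 5280 KeyUsage bits."""
    if len(der) < 4 or der[0] != 0x03 or der[1] != len(der) - 2 or der[2] > 7:
        raise ValueError("not a short-form DER BIT STRING")
    bits = "".join(f"{b:08b}" for b in der[3:])
    bits = bits[:len(bits) - der[2]]  # der[2] counts unused trailing bits
    return {name for name, bit in zip(KU_BITS, bits) if bit == "1"}

def decode_oid(body: bytes) -> str:
    """Decode OID content bytes (first arc 0 or 1, enough for the PKIX arcs)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit means "more follows"
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def decode_eku(der: bytes) -> set:
    """Decode an ExtendedKeyUsage SEQUENCE OF OBJECT IDENTIFIER (short lengths)."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    names, i = set(), 2
    while i < len(der):
        if der[i] != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER")
        oid = decode_oid(der[i + 2:i + 2 + der[i + 1]])
        names.add(EKU_OIDS.get(oid, oid))
        i += 2 + der[i + 1]
    return names

def classify(ku_der: bytes, eku_der: bytes = b"") -> str:
    """Heuristic mapping (an assumption) from extensions to the page's four types."""
    ku = decode_key_usage(ku_der)
    eku = decode_eku(eku_der) if eku_der else set()
    if "codeSigning" in eku:
        return "mobile code"
    if "serverAuth" in eku or {"digitalSignature", "keyEncipherment"} <= ku:
        return "component"
    if "digitalSignature" in ku:
        return "identity"
    return "encryption" if "keyEncipherment" in ku else "unknown"

# Constructed sample extension values (hex DER), not taken from real ECA certificates.
SAMPLES = {"identity": ("030206c0", ""), "encryption": ("03020520", ""),
           "component": ("030205a0", ""), "mobile code": ("03020780", "300a06082b06010505070303")}
```

An encryption certificate that also asserted digitalSignature would be reported as "component" by this heuristic, which is why the separation of signing and encryption keys into distinct certificates matters when reading these bits.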

The following table summarizes the certificate offerings from the 1 ECA and 2 IECA Vendors.

| ECA Vendor | Identity (Software) | Identity (Hardware) | Encryption (Software) | Encryption (Hardware) | Server/Component | Mobile Code |
|---|---|---|---|---|---|---|
| ORC | | | | | | |
| IECA Vendors | | | | | | |
| Verisign | | | | | | |
| DST | | | | | | |

Once you have determined the type(s) of certificate(s) you require and the vendor you would like to register with for obtaining the certificate(s), you can proceed to 3. Where do I go to download the certificate and how do I configure my system to use this certificate.

Last updated on 30 July 2004