<
 
 
 
 
×
>
hide
You are viewing a Web site, archived on 02:24:20 Oct 15, 2004. It is now a Federal record managed by the National Archives and Records Administration.
External links, forms, and search boxes may not function within this collection.
Interim External Certification Authorities

HOME

IECA/ECA VENDORS DOCUMENTS LINKS FAQs

 

2. CERTIFICATE TYPE


There are four types of certificates available from the IECA/ECAs: identity, encryption, component, and mobile code certificates. To enable subscribers to understand the type of certificate they need for the application they are using, the following guidelines may be helpful.

Identity certificate: A certificate that a person uses to authenticate himself or herself to a PKI-enabled application, such as a secure web server. Identity certificates may be used for non-repudiation purposes, i.e., transactions that have been signed by an identity certificate may be legally linked to the owner of that certificate. The certificate may also be used for secure and authenticated email.  For that reason, it is important that the owner of an identity certificate protect his or her private key, and not allow others to access or use it.  Subscribers that require a higher level of assurance may wish to purchase a hardware-based certificate.

Encryption certificate: A certificate that may be used for encrypting e-mail. When encrypting e-mail messages, the sender uses the certificate of the recipient(s), and the recipient decrypts the message using his or her private key.

Component certificate*: A certificate that a computer on a network, usually a web server, uses to identify itself to other computers. It also includes the public key, which is required in order for web browsers to set up a secure encrypted connection with the server. Any web server that offers secure connections (https, SSL, or TLS) must have a server certificate.

*
Note: Most IECA/ECA Subscribers will only require IECA/ECA Identity certificates for use with their browsers.  However, some organizations may need an IECA/ECA Server Certificate, e.g. to set up a company extranet that DoD personnel would visit.  To determine whether you require an IECA/ECA Server certificate, refer to the following document, IECA Server Certificates: Guidance for Issuing Server Certificates to DoD Vendors, dated March 2001

Mobile Code certificate: A certificate used for signing mobile code that resides on a web server.  This certificate is used to sign mobile code that is downloaded from a web server by users.  Users can validate the certificate used to sign the mobile code and determine whether to trust it.

The following table summarizes the certificate offerings from the 1 ECA and 2 IECA Vendors.
 
ECA Vendor
Identity Encryption Server/
Component
Mobile Code
Software Hardware Software Hardware
ORC
IECA Vendors






Verisign        
DST        

Once you have determined the type(s) of certificate(s) you require and the vendor you would like to register with for obtaining the certificate(s), you can proceed to

3.  Where do I go to download the certificate and how do I configure my system to use this certificate.



Please read our Security and Privacy Notice

Last updated on 30 July 2004
 




Home Search
Webmaster:IA-web@ncr.disa.mil
Page Revised 02-Aug-04