I have always used Verisign or Thawte in the past, and when setting up the certificate, I only used the private key and the certificate key. I never provided the Certificate Authority (CA) Key when creating the certificate.
Recently I got a certificate from Comodo, and they actually told me to type a CA key (actually two keys) in the CA field as it is a chained certificate.
I didn't do this, as I didn't read the instructions, until I was curious why they sent me some extra keys (the CA keys).
So my question is,
a) is the CA key only used at the time of certificate creation, and these CA keys were stored on my Server (Linux Fedora Core 2), and the information was retrieved from the database?
or b) The CA key is used by the client browser, and some users with old browsers will get some warning message?
or c) some other horrible thing will happen?
>> is the CA key only used at the time of certificate creation
No. The public key is critical to the SSL function.
>> The CA key is used by the client browser
Yes.
>> and some users with old browsers will get some warning message?
If the key initiates 128-bit encryption and the older browsers only support lower encryption levels then yes.
>> something horrible
If you don't use the certificate issued by the CA then you're in effect acting as your own CA (if your server does indeed have a default certificate installed). Won't your customers be surprised to open it up and see what's inside?
For more info: http://www.verisign.com/ssl/ssl-information-center/faq/ssl-basics.html
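
Added example (not part of either post): assuming the extra "CA keys" sent with a chained certificate are intermediate CA certificates, this script builds a throwaway root, intermediate and server certificate with `openssl` and checks the server certificate the way a client that trusts only the root would, first without and then with the intermediate supplied. All names and paths are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo PKI: root -> intermediate -> server. All names are made up.
build_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$d/ca.ext"
    for n in root int srv; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Root: self-signed, stands in for a CA already in the browser's trust store.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate: signed by the root (assumed to be what the issuer sends along).
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" \
        2>/dev/null || return 1
    # Server certificate: signed by the intermediate, not by the root.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null || return 1
}

# Client-side check: trusts only the root, plus any chain file the server sent ($2).
client_accepts() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/srv.pem"
    else
        openssl verify -CAfile "$1/root.pem" "$1/srv.pem"
    fi >/dev/null 2>&1
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    build_chain "$tmp" || { rm -rf "$tmp"; return 1; }
    if client_accepts "$tmp"; then bare=accepted; else bare=rejected; fi
    if client_accepts "$tmp" "$tmp/int.pem"; then full=accepted; else full=rejected; fi
    rm -rf "$tmp"
    echo "server cert only: $bare; server cert + intermediate: $full"
}

run_demo
```

Against a live server, `openssl s_client -connect <host>:443 -showcerts` lists the certificates the server actually sends.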