Authentication is crucial to
secure communications. Users must be able to prove their
identity to those with whom they communicate and must be
able to verify the identity of others. Authentication of
identity on a network is complex because the communicating
parties do not physically meet as they communicate. This
can allow an unethical person to intercept messages or to
impersonate another person or entity. A method must be
worked out to maintain the necessary level of trust within
the communication process.
The digital certificate is a
common credential that provides a means to verify
identity. A certificate is a set of data that identifies
an entity. A trusted organization assigns a certificate to
an individual or an entity that associates a public key
with the individual. The individual or entity to which a
certificate is issued is called the subject of that
certificate. The trusted organization that issues the
certificate is a Certification Authority (CA) and is known
as the certificate's issuer. A trustworthy CA will only
issue a certificate after verifying the identity of the
certificate's subject.
Using digital certificates can
protect your security when dealing with personal or
financial transactions on the Internet because they bind
the identity of the certificate owner to a pair (public
and private) of electronic keys that can be used to
encrypt and sign information digitally. These electronic
credentials assure that the keys actually belong to the
person or organization specified. Protecting your privacy
and security is especially important in Internet Explorer.
You can install certificates and
configure certificate settings for Internet Explorer by
using the following methods:
- Within the browser, you can use
the Internet Explorer Certificate Manager to install
certificates. You can also configure advanced security
options for certificates on the Advanced tab in
the Internet Options dialog box.
- You can use the Internet
Explorer Customization Wizard to create custom
packages of Internet Explorer that include
preconfigured lists of trusted certificates,
publishers, and CAs for your user groups. If you are a
corporate administrator, you can also lock down these
settings to prevent users from changing them.
- After deploying the browser,
you can use the IEAK Profile Manager to manage
certificate settings through the automatic browser
configuration feature of Internet Explorer. You can
automatically push the updated information to each
user's desktop computer, enabling you to manage
security policy dynamically across all computers on
the network.
The options for configuring
certificates are the same whether you gain access to them
from Internet Explorer 6, the Internet Explorer
Customization Wizard, or the IEAK Profile Manager.
NOTE: Outlook Express also includes certificates, called
digital IDs, which can be configured separately within the
e-mail program.
Installing and Removing Trusted Certificates
The Internet Explorer Certificate
Manager enables you to install and remove trusted
certificates for clients and CAs. Many CAs have their root
certificates already installed in Internet Explorer. You
can select any of these installed certificates as trusted
CAs for client authentication, secure e-mail, or other
certificate purposes, such as code signing and time
stamping. If a CA does not have its root certificate in
Internet Explorer, you can import it. Each CA's Web site
contains instructions that describe how to obtain the root
certificate. You may also want to install client
certificates, which are used to authenticate users'
computers as clients for secure Web communications.
To install or remove client and CA certificates from the
list of trusted certificates
- On the Tools menu, click
Internet Options, and then click the Content
tab.
- Click Certificates.
- Click one of the following tabbed categories for the
type of certificates you want to install or remove:
- Personal. Certificates in the Personal category have
an associated private key. Information signed by using
personal certificates is identified by the user's
private key data. By default, Internet Explorer places
all certificates that will identify the user (with a
private key) in the Personal category.
- Other People. Certificates in the Other People
category use public key cryptography to authenticate
identity, based on a matching private key that is used
to sign the information. By default, this category
includes all certificates that are not in the Personal
category (the user does not have a private key) and
are not from CAs.
- Intermediate Certification Authorities. This category
contains all certificates for CAs that are not root
certificates.
- Trusted Root Certification Authorities. This category
includes only self-signed certificates in the root
store. When a CA's root certificate is listed in this
category, you are trusting content from sites, people,
and publishers with credentials issued by the CA.
- Trusted Publishers. This category contains only
certificates from trusted publishers whose content can
be downloaded without user intervention (unless
downloading active content is disabled in the settings
for a specific security zone).
- In the Intended Purpose
box, select the filter for the types of certificates
that you want to be displayed in the list.
- Work with particular
certificates through one of the following methods:
- To add other certificates
to the list, click Import. The Certificate
Manager Import Wizard steps you through the
process of adding a certificate.
- To export certificates from
the list, click Export. The Certificate
Manager Export Wizard steps you through the
process of exporting a certificate.
- To specify the default
drag-and-drop export file format (when the user
drags a certificate from the Certificate Manager
and drops it into a folder), click Advanced.
- To delete an existing
certificate from the list of trusted certificates,
click Remove.
- To display the properties
for a selected certificate, including the issuer
of the certificate and its valid dates, click View.
Adding Trusted Publishers
To designate a trusted publisher
for Internet Explorer, use the Security Warning
dialog box that appears when you attempt to download
software from that publisher. Active content that is
digitally signed by trusted publishers with a valid
certificate will download without user intervention,
unless you have disabled the downloading of active content
in the settings for a specific security zone.
To add a trusted publisher
- Use Internet Explorer to
download signed active content from the publisher.
- When the Security Warning
dialog box appears, select the Always trust content
from trusted publisher check box.
- To download the software or control and add the
publisher to the list of trusted publishers, click Yes.
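The Trusted Root Certification Authorities and Trusted Publishers categories described above are the ones an administrator most needs to review, because a root entry extends trust to everything the CA issues and a publisher entry lets signed content download without a prompt. The following PowerShell script is an added example, not part of the original documentation; it assumes a current Windows PowerShell with the Cert: drive and audits the per-user stores that the Certificate Manager dialog edits (Root and TrustedPublisher are the store names behind those two tabs).

```powershell
# Added example (not from the original documentation). Audits the
# current user's Trusted Root and Trusted Publishers stores. Swap
# CurrentUser for LocalMachine to audit the machine-wide stores.
function Get-TrustStoreAudit {
    $now = Get-Date

    # The Trusted Root category should hold only self-signed certificates.
    # Subject equal to Issuer is the usual quick test for self-signed;
    # anything that fails it, or has expired, is flagged for review.
    $rootFindings = foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\Root) {
        $selfSigned = ($cert.Subject -eq $cert.Issuer)
        $expired    = ($cert.NotAfter -lt $now)
        if (-not $selfSigned -or $expired) {
            [pscustomobject]@{
                Store      = 'Root'
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                SelfSigned = $selfSigned
                Expired    = $expired
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
            }
        }
    }

    # Every Trusted Publisher entry allows signed active content from that
    # publisher to install without user intervention, so list them all.
    $publishers = Get-ChildItem -Path Cert:\CurrentUser\TrustedPublisher |
        Select-Object @{Name = 'Store'; Expression = { 'TrustedPublisher' }},
                      Subject, Issuer, NotBefore, NotAfter, Thumbprint

    [pscustomobject]@{
        RootFindings      = @($rootFindings)
        TrustedPublishers = @($publishers)
    }
}

$audit = Get-TrustStoreAudit
"Root store entries needing review: $($audit.RootFindings.Count)"
$audit.RootFindings | Format-Table -AutoSize
"Trusted publishers configured: $($audit.TrustedPublishers.Count)"
$audit.TrustedPublishers | Format-Table -AutoSize
```

Compare the TrustedPublisher list against the publishers your organization deliberately added through the Security Warning dialog or the IEAK; any entry you cannot account for should be removed with the Certificate Manager's Remove button.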
Configuring Advanced Security Options for Certificate and Authentication Features
You can easily configure options
for certificate and authentication features that your
users may need.
To configure advanced security options for certificates
- On the Tools menu, click
Internet Options, and then click the Advanced
tab.
- In the Security area,
review the selected options.
- Depending on the needs of your
organization and its users, select or clear the
appropriate check boxes.