Cryptography Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.00

Using Certificates with Web Browsers

Part:   1  2  3 

This chapter describes:

  • Why Using Certificates with Browser?
  • Exporting Certificates Out of Internet Explorer (IE)
  • Importing Certificates into IE
  • View Certificates in FireFox
  • Importing Certificates into FireFox

Why Using Certificates with Browser?

In previous parts of the book, we have learned how to generate certificates. Now let's see how we can use certificates with Web browsers.

The first question we need to ask is why do we need certificates in a Web browser? The answer is that many Web sites supports SSL (Secure Socket Layer).

When a Web browser reaches a SSL enabled Web site (URL starts with https://), the server will send a certificate, called server certificate, the Web browser. The subject of the server certificate represents the server. The browser is expected to trust the server certificate, or validate it with a trusted certification path.

A SSL enabled Web site may also ask the Web browser to send back a certificate, called client certificate, to identify the client, so that the server can validate the client.

So a Web browser needs to have certificates for two purposes:

  • To form a certification path to validate the server certificate.
  • To identify client, if the server wants to do client certification.

There is only one case where the Web browser doesn't need any certificate, even if the server is SSL enabled:

  • The server is not asking client certification, and you let the Web browser trust the server certificate automatically.

Exporting Certificates Out of Internet Explorer (IE)

Now we know why a Web browser needs have certificates. Let's see how can we look at the certificates stored the Internet Explorer (IE).

1. Open IE 6.0, and go to the "Tools / Internet Options..." menu option. The Internet Options dialog box shows up.

2. Go to the Content tab, and click the "Publishers..." button in the Certificates section. The Certificates dialog box shows up.

3. Go to "Trusted Root Certification Authorities" tab. You should see a list of certificates that come with the IE installation. All certificates listed on this tab are automatically trusted.

4. Select "VeriSign Trust Network" with expiration date of 8/1/2028, and click the "View" button. The Certificate dialog box shows up.

5. You should see 3 tabs: General, Details, and Certificate Path. Review them. You should find some interesting information on this certificate.

6. Go to the Details tab, and click the "Copy to File..." button. The Certificate Export Wizard shows up.

7. Click Next, and select "DER encoded binary X.509 (.CER)" as the export file format.

8. Click Next, and enter a file name: \verisign1.cer.

9. Click Finish. The selected certificate will be exported into the specified file.

(Continued on next part...)

Part:   1  2  3 

Dr. Herong Yang, updated in 2007
Cryptography Tutorials - Herong's Tutorial Notes - Using Certificates with Web Browsers