Talk:Public key certificate

Cryptography: Computer science Top‑importance

	This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
Top	This article has been rated as Top-importance on the importance scale.
	This article is supported by WikiProject Computer science (assessed as Mid-importance).

Computing: Networking / Software Low‑importance

	This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
Low	This article has been rated as Low-importance on the project's importance scale.
	This article is supported by Networking task force (assessed as Mid-importance).
	This article is supported by WikiProject Software (assessed as Low-importance).

Computer Security: Computing High‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

High

This article has been rated as High-importance on the project's importance scale.

This article is supported by WikiProject Computing (assessed as Low-importance).

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Contents of a Typical Digital Certificate[edit]

Should Public Key Algorithm be included in this section as well?--71.104.234.203 (talk) 01:20, 1 May 2009 (UTC)[reply]

Self-referencing Definition[edit]

"...a public key certificate (or identity certificate) is a certificate..."

Isn't that a bit like saying, "A roundle blomfin is a blomfin..."

If you don't know what a 'blomfin' is, then the explanation of what a 'roundle blomfin' is won't get you very far.

81.187.233.162 15:18, 27 April 2007 (UTC)[reply]

Good point. I tried to clarify.--agr 16:18, 27 April 2007 (UTC)[reply]

If you link to "blomfin" in the sentence, though, the user can get that information if they do not need it. That way, the information is not duplicated. Should we describe what a certficate is on a page other than "certificate"? Dprust 17:54, 11 May 2007 (UTC)[reply]

Removed from criticism[edit]

I removed this section because it has the look and feel of a shameless plug coupled with being-written-in-five-seconds-ism. In particular, notice the lowercase "i" in the quoted text:

Public key certificates are often used for web server identification (eg. https protocol). Usually people don't understand the security model of public key certificates and neglect to read the alert information. This would result eg. in phishing attacks, when the phishing site's certificate was issued by an untrusted CA, the user click on the "go on, i want to use the application" button, and at the end the user trusts the phishing site, because "he/she can see the security lock in the bottom of the browser". There are a lot of other critics for PKI by Peter Gutmann.

I figured it was best to move it to the discussion page for, well, discussion. =) As is, it's pretty bad. Change it or lose it? --69.233.2.125 05:16, 28 September 2007 (UTC)[reply]

This problem is definitely worthy of mention, but Peter Gutmann should probably stay out of it. And yes, the text should be rewritten in a more appropriate manner. -- intgr [talk] 16:37, 28 September 2007 (UTC)[reply]

File Formats?[edit]

Some hints about file formats would be appreciated: pem, crt, csr, cert, key, wtf? convertible? —Preceding unsigned comment added by 134.147.252.130 (talk) 08:58, 18 August 2008 (UTC)[reply]

That is Here in the article on X.509--Stuart Ward UK (talk) 12:53, 23 January 2013 (UTC)[reply]

Certificate Authority vs. Provider[edit]

The section "Certificates and web site security" refers to "certificate provider". This is the same as CA, right? Leotohill (talk) 04:09, 4 December 2008 (UTC)[reply]

Change from EV to non-EV certificate[edit]

The article says: "A web browser will give no warning to the user if a web site suddenly presents a different certificate, even if that certificate has a lower number of key bits, even if it lacks Extended Validation". I have not tested this but I would fully expect that if a site changed from an EV certificate to a non EV certificate that the "green bar" would no longer be displayed. -- Q Chris (talk) 08:12, 27 June 2012 (UTC)[reply]

You are correct, the green bar is in fact no longer displayed.^{[citation needed]} Zell Faze (talk) 20:11, 30 October 2013 (UTC)[reply]

Image is not visible[edit]

The main image with caption "Diagram of an example usage of digital certificate" is not visible at all. — Preceding unsigned comment added by 27.34.251.34 (talk) 06:33, 7 March 2016 (UTC)[reply]

Structure and Global Perspective[edit]

I suggest to improve 2 issues:

Structure: The Intro is overloaded. On the other side a clear description section is missing. The intro does not state any reference at all...
Global Perspective: On the one hand, the article emphasizes the role of certificates in the TLS, on the other hand it only speaks of the European Union. What about the Americas, Asia, Africa, Australia? Needs modification.

I would appreciate your suggestions and then start improving the article.

ScienceGuard (talk) 09:53, 8 June 2016 (UTC)[reply]

TLS/SSL server certificate - self-signed certificates[edit]

A TLS server may be configured with a self-signed certificate. When that is the case, clients will generally be unable to verify the certificate, and will terminate the connection unless certificate checking is disabled.

From what I know, this is not quite true. Instead, I would say "unless the self-signed certificate is accepted, or certificate checking is disabled". The self-signed certificate can be accepted, in which case certificates are still checked, for this site and for others.

Is someone with particular expertise in this area able to comment?

Briancole01 (talk) 06:48, 27 July 2017 (UTC)[reply]

The self-signed certificate can be accepted Techiq (talk) 18:08, 23 January 2018 (UTC)[reply]

Root certificates are also always self-signed and self-issued. But they ARE trusted. So... 2A00:1FA0:2A6:F862:80C7:A998:A272:2F11 (talk) 19:10, 4 March 2021 (UTC)[reply]

Public-key owner authenticity check[edit]

Add please information on server's public key authenticity checking algorithm. It's still unclear how does it work. 109.206.156.72 (talk) 17:19, 30 January 2018 (UTC)[reply]

Proving key ownership fix[edit]

“In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the ownership of a public key.”

It’s my understanding that anyone can have the public key, hence proving its ownership makes little sense. It’s the ownership of the private key what we are trying to prove.

I would like to propose that change. This is my first time on wikipedia, and I don’t dare to make that change directly, until fully understand proper interaction with the community.

Mariano.Kunzi (talk) 15:39, 21 November 2020 (UTC)[reply]

There are two issues with that sentence: first of all that link back then (and now) did not have this defintion. Second of all the identity and ownership of the private key is very hard to see (but possible due to certificate transperency and the fact you can very simply get a public key from private key in openssl). Private key does not have the domain name! It is just the numeric stuff. It is not only the private/public key that identify the site or a person! It is CA or some kind of other (government) authority. And it is done by public key's signature. 2A00:1FA0:2A6:F862:80C7:A998:A272:2F11 (talk) 19:03, 4 March 2021 (UTC)[reply]

A certificate cannot sign[edit]

"A root certificate or another intermediate certificate needs to sign it." Is incorrect. A certificate cannot sign. Suggested rewrite: A trust anchor or another intermediate entity needs to sign it. ~~ 192.176.1.79 (talk) 12:28, 15 November 2022 (UTC)[reply]

Merge proposal of Wildcard Certificate[edit]

I propose merging Wildcard certificate into Public key certificate. Use of * does not make it special enough for be its own article, which is the root cause behind many issues in the Wildcard certificate article. This should be carried out by an expert (I'm not) to make sure everything useful in that article is incorporated into this one. ACaseOfWednesdays (talk) 15:30, 27 November 2023 (UTC)[reply]