Appendix F. Security, Certificates, and Validation

After dealing with so many IE security patches, I simply can't believe how solid and secure Firefox is. Firefox's default security and privacy options (described in Chapter 2, "Protecting Your Security and Privacy") will work for maybe 9598% of all users. But if you're the kind of person who wants the maximum in program security, this appendix tells you how to set some additional security options and work with digital certificates.

Digital certificates (or certificates) are a kind of digital passport used by your browser to uniquely identify web servers. The certificate is usually issued by a certificate authority (CA) that is recognized as an independent and trustworthy issuing organization. VeriSign is probably the best-known CA, but there are many others.

FRIDGE Certificate files are usually created using a type of encryption known as PKCS12, where "PKCS" is Public Key Cryptography Standards and the "12" refers to a subsection of the standard that deals with private and public key encryption in certificates. It's more than you probably needed to know about the inner workings of certificates.

Each certificate contains, at a minimum, the owner's name/alias, the certificate's serial number and expiration date, the name of the CA, the digital signature of the CA, and the owner's public key, which is a unique encryption key to which anyone can have access (rather like a phone number). The corresponding private key is known only to the owner of the certificate. By putting these two keys together, information exchanged by the website and the browser can be encrypted and decrypted.