Certificates


To set certificate options, start by going to Tools | Options | Advanced and then selecting Certificates. The Options screen with the Certificates option is shown in Figure F-1.

Figure F-1. The Options screen with the Certificates option displayed.


TOOL KIT: Getting a Digital Certificate of Your Own

If you're like me and 99% of other web surfers, you won't have bothered getting any certificates of your own. Most of the certificate features described in this appendix won't work unless you've already installed a certificate on your computer that identifies you.

Getting a digital certificate of your own isn't hard or expensive, and it's kinda cool. Stop in at http://www.cacert.org. They're lovely people, and you can get a number of different kinds of certificate for free. For a basic certificate, you need to provide information such as your full name, birthdate, email address, and a pass phrase. It'll take you ten minutes at the most, and you'll have a digital certificate that lets you encrypt emails and show that you're you. Voila!

You can also go to http://www.dekart.com or http://www.thawte.com for digital certificates if you like. (There's no reason you can't have one from each.)


Client Certificate Selection

As you can see from Figure F-1, the Certificates option has several features. The first, Client Certificate Selection, allows you to specify the certificate to use. By default, when Firefox and a website create a secure connection, Firefox automatically uses the appropriate certificate to identify you, as requested by the website. However, if you check Ask Every Time, you can tell Firefox which certificate to use, which lets you set the security level or use a certificate with specific information.

Manage Certificates

You can view stored certificates, import new ones, or back up and delete certificates using the Certificate Manager. Click Manage Certificates to display the Certificate Manager screen (shown in Figure F-2).

Figure F-2. The Certificate Manager screen showing the Your Certificates tab.


Firefox lists any certificates you have. You can use this screen to view certificates, back up all or selected certificates, and import or delete certificates. You can adjust the certificate display by clicking the icon at the end of the row of headings. From here, you can select which columns of information you wish to have appear.

You can view certificate information by highlighting the certificate you want to look at and clicking View. The Certificate Viewer (shown in Figure F-3) displays information about the selected certificate.

Figure F-3. The Certificate Viewer showing general information about a certificate.


FRIDGE

Whenever you're using a secure connection (with an address starting https://), you see a lock icon in the lower-right corner of the Firefox screen. If you hover the mouse pointer over the icon, you'll see who issued the certificate. Double-clicking the lock icon lets you view information about the website's digital certificate if it's using one.


If you don't feel like you're getting enough information on the General tab, you can display the Details tab. You can select individual elements of the certificate and display just those details on this screen. Figure F-4 shows an example of this.

Figure F-4. The Certificate Viewer showing detailed information about a certificate.


As with any other data, it's a very good idea to back up your certificates as a precaution against disk crashes and data corruption. To back up a certificate, highlight the certificate you want to back up and click Backup. In the standard dialog box, enter the filename and directory to back up the certificate to and click OK. The Choose a Certificate Backup Password screen appears. Enter a password for the certificate backup (you don't want just anyone to be able to use this, after all) and then enter it again. As with the master password screen (shown in Chapter 2), Firefox rates the quality of your password on the password quality meter. An example appears in Figure F-5. After you click OK to complete the process, Firefox displays a small alert that tells you you've successfully backed up your certificates and private keys.

Figure F-5. The Choose a Certificate Backup Password screen.


If you need to restore a certificate that was previously backed up or you just want to install the certificate on another computer, click Import and open the certificate file using a standard open dialog box. When you click OK, you need to enter the certificate's backup password. Then Firefox imports the certificate information and updates the certificate list as necessary.

Finally, you can delete a certificate by highlighting the certificate and then clicking Delete and confirming the deletion.

If you have specifically requested certificates from other people, they'll show up on the Other People's tab (shown in Figure F-6). As with the preceding tab, you can view, edit, import, or delete certificates from this screen as well as change the column headings that appear in the table. Chances are very good that you'll never need to use this tab.

Figure F-6. The Certificate Manager screen showing the Other People's tab.


You can also have certificates for individual websites. These appear on the Web Sites tab, shown in Figure F-7. When you're downloading information from various websites and you encounter certificates, they'll show up in this screen. You won't see any certificates in this screen at first.

Figure F-7. The Certificate Manager screen showing the Web Sites tab.


As well as the usual view, import, and delete features, you can edit the certificate's information to tell Firefox if you trust the certificate. Highlight the certificate and click Edit to display the Edit web site certificate trust settings screen, shown in Figure F-8.

Figure F-8. The Edit web site certificate trust settings screen.


In this screen, you can tell Firefox to trust or not trust the authenticity of the certificate. If you trust the certificate, Firefox will subsequently access the website the certificate is for with no problems. If you do not trust the certificate, Firefox will display warning messages about the website the next time you visit it. If you don't trust the CA itself, you can click Edit CA Trust and edit the trust settings for the CA, as shown in a moment in Figure F-10.

Figure F-10. The Edit CA certificate trust settings screen.


The other tab on this screen that will have a lot of activity is the Authorities tab, shown in Figure F-9. The Authorities tab shows the CAs from whom you have accepted certificates. As with the other tabs, you can view, edit, import, or delete certificates and tweak the column display.

Figure F-9. The Certificate Manager screen showing the Authorities tab.


Caution

While you can delete a CA from this list, be really sure that you won't have a need for the information again. Once you delete a CA, Firefox won't trust any certificates issued by that CA.


You may also want to edit a certificate's trust settings to tell Firefox what you trust the CA to certify. Highlight the certificate and click Edit. The Edit CA certificate trust settings screen appears, as shown in Figure F-10. (You can also see this screen if you click Edit CA Trust on the Edit Website Certificate Trust Settings screen, shown earlier in Figure F-8.)

Although the default is for CAs to have authority to identify websites, mail users, and software makers, you may feel less confident about the authority and can specify that you trust the CA's certificates for websites and software makers, but not for mail users. Click OK to save any edits.
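
Behind these three checkboxes, Firefox's NSS library stores each certificate's trust as three comma-separated flag fields (SSL, S/MIME, JAR/XPI), which the NSS certutil -L command prints. The following Python code is an added example, not from the book: it decodes such a listing and reports CAs trusted for more than a chosen set of purposes. The listing and nicknames are constructed, and the "websites only" policy is an assumption.

```python
import re

# Constructed sample in the layout printed by `certutil -L -d <profile dir>`.
# Nicknames are hypothetical.
SAMPLE = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Root CA                                              CT,C,C
Example Mail-Limited CA                                      C,,C
Example Untrusted CA                                         ,,
Jane Doe's Example ID                                        u,u,u
"""

# Field order matches the three checkboxes on the Edit CA trust screen.
PURPOSES = ("websites", "mail users", "software makers")

# Nickname, whitespace, then three flag fields built from NSS trust letters.
LINE = re.compile(r"^(?P<nick>\S.*?)\s+(?P<flags>[pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*)\s*$")


def parse_listing(text):
    """Return {nickname: (ssl_flags, email_flags, signing_flags)}."""
    certs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # header and blank lines do not match
            certs[m.group("nick")] = tuple(m.group("flags").split(","))
    return certs


def ca_trust(flags):
    """Purposes for which the 'C' (trusted CA) flag is set."""
    return [p for p, field in zip(PURPOSES, flags) if "C" in field]


def audit(text, allowed=("websites",)):
    """List (nickname, extra_purposes) for CAs trusted beyond `allowed`."""
    findings = []
    for nick, flags in parse_listing(text).items():
        extra = [p for p in ca_trust(flags) if p not in allowed]
        if extra:
            findings.append((nick, extra))
    return findings


if __name__ == "__main__":
    for nick, extra in audit(SAMPLE):
        print(f"{nick}: also trusted for {', '.join(extra)}")
```

The second sample entry, C,,C, is the case described above: trusted for websites and software makers, but not for mail users.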

Manage Security Devices

The final selection for the Certificates option is for managing security devices. You can have a security device to store certificates and passwords as well as to encrypt and decrypt information. Click Manage Security Devices to display the Device Manager, as shown in Figure F-11.

Figure F-11. The Device Manager screen.


The Device Manager lets you identify security devices: any hardware and/or software device that stores information about you and your identity and that uses certificates and private keys to verify access. The security devices that the Device Manager can work with must also use the Public Key Cryptography Standard #11 (similar to the PKCS12 standard for certificate files). Smart cards are the most common type of security device, but there are many others for specialized applications.

FAQ: What the heck is a smart card?

A smart card is about the size and shape of a credit card, but the resemblance ends there. Instead of being solid plastic and having a magnetic strip, smart cards have an embedded microprocessor that's connected to a gold contact pad on one face of the card. This replaces the magnetic strip that appears on credit cards, a technology that is pretty easy to read or even modify. The microprocessor can store information such as certificates and private keys for encrypting and decrypting information.

You access the smart card through a smart card reader that's connected to your computer. Because of the certificates and private keys, the computer must provide the correct information before it can access any of the smart card's data, which makes smart cards substantially more secure than the magnetic strips on standard credit cards. Smart cards are typically used for credit cards and banking information, security and access systems, and wireless communication. They are still much more popular in Europe than they are in the U.S.


Figure F-11 shows the standard Firefox PKCS#11 module. You can think of modules as security device software drivers that tell Firefox how to interact with a security device. The NSS Internal FIPS module is a general module used for general security device data encryption and decryption and is a place for any software security device certificates.

Any security device you install will have its own software. When the device has been installed, you'll need to install the module in Firefox so that Firefox can communicate with it. Click Load to display the Load PKCS#11 Device screen, shown in Figure F-12.

Figure F-12. The Load PKCS#11 Device screen.


Browse for the module file, and then click OK to install it. When the installation is complete, the module appears in the list of security devices. You can remove a module from the list by highlighting the module and clicking Unload.

To further configure the security device, you'll probably need to log in to it through the Device Manager. Highlight the module or the device and click Log In, and then go through the login procedure. When you're done, be sure to click Log Out to prevent unauthorized access to the device.

By default, the standard modules in the Device Manager are already enabled for FIPS: Federal Information Processing Standards 140-1. FIPS is a U.S. government standard for data encryption and decryption. Many, but not all, security devices use FIPS. You can enable or disable FIPS for a module by highlighting the module and clicking Enable FIPS or Disable FIPS.



    Firefox and Thunderbird Garage (Garage Series)
    Firefox and Thunderbird Garage
    ISBN: 0131870041
    EAN: 2147483647
    Year: 2003
    Pages: 185
