What should users verify before trusting an SSL-certified website?
The SSL certificate must have a chain of trust back to a root CA the client trusts.

The server certificate, and all the CA certificates in the certificate chain of trust, must have valid signatures. Every certificate is signed by the next-higher CA, except for a root CA, which signs its own certificate.

The current date and time must be within the validity period of the server certificate, and of all the CA certificates in the certificate chain of trust. Every certificate has a validity period (a starting date and time and an ending date and time between which the certificate is valid for use).

The client must retrieve the CRLs from every CA in the certificate chain of trust and check whether the server certificate or one of the subordinate CAs has been revoked by its next-higher CA.

Top Technology: a) What is PKI?
The PKI is a framework of policies, services, and encryption software that provides the assurances users need before they can confidently transmit sensitive information over the I