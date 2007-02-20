Computer Help forum

I just installed 2 CAs for my university and I'm fine with that but I went into options under Tools in Firefox 2.0 and I went to advanced and came across dozens of other certificates. I do not remember accepting so many certificates. Some are from ValiCert, beTrusted, AddTrust, ACCamerfirma,Comodo CA Limited, EnTrust, just to name a few.. Can these harm anything? I do not really understand the purpose of CAs.

Can I delete them all except for the one for my university and if I do will it just ask me to accept them again depending on the site that needs the CA to be downloaded??

Thank you..

Certificates
by Stan Chambers / February 20, 2007 1:53 PM PST
In reply to: I'm curious..?

Google seems to reveal that these are legit. If you have doubts, just type the name in Google to verify.

Certificates 2.
by Cursorcowboy / February 20, 2007 9:35 PM PST
In reply to: I'm curious..?

1. Many sites use certificates as part of a system for securing online transactions where you'll see an https:// as opposed to the standard http:// in the Web site address. (Your browser may display an alert that you are about to view pages over a secure connection.) At the same time, in the second box from the lower right of Internet Explorer, you'll see the "lock" (click to see a screen shot) which you can double-click to displays the security certificate for that site. When you check the certificate, the domain name following Issued to should match the domain site name in the address bar that you think you are on. If the name is different, you may be on a spoofed site.

2. Security and Certificates:

a. Valid only for the period of time specified within -- every certificate contains Valid From and Valid To dates that set the boundaries of the validity period. Once a certificate's validity period has passed, a new certificate must be requested by the subject of the "now-expired certificate" (Click to see screenshot - Autoenrollment Settings Properties).

b. One of the main benefits of certificates is that hosts no longer have to maintain a set of passwords for individual subjects who need to be authenticated as a prerequisite to access and use. Computers must be able to exchange information with a high degree of confidence in the identity of the other device, service, or person involved in the transaction.

c. Certificates can also be used to verify the authenticity of software code download from the Internet, install from a company intranet, or purchased on CD-ROM and install on a computer. Unsigned software--software that does not have a valid software publisher's certificate--can pose a risk.

d. There are four basic sources for the certificates found in the "certificate stores" (click to see a screen shot):

? Certificates included during the installation of Windows XP and came on the Windows XP CD.

? Application such as an Internet browser to engage in a SSL session, during which certificates are stored on your computer after establishment of trust.

? Chosen certificates when installing software or receive an encrypted or digitally signed e-mail from others.

? Certificates requested from a certification authority, such as a certificate needed to access specific organizational resources.

e. Supplemental reading: "Internet Explorer Connectivity and Certificate Display Issues (Q811383)."

f. It is not always desirable to use one set of credentials which roam ? part of the user's profile and encrypted (%Userprofile%\Application Data\Microsoft\SystemCertificates\My\Certificates) ? for access to different resources ensuring that if one password is compromised it does not compromise all security. Group Policy allows you to limit use of the Stored User Names and Passwords. In the Group Policy MMC snap-in:

(1) Double-click the Security Options folder (Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options).

(2) Right-click Network access: Do not allow storage of credentials or .NET Passports for network authentication, click Enabled, and then click OK, [Troubleshooting Certificate Status and Revocation].

Note: The certificates are stored in a location known as a certificate store -- the machine store used by the computer and the user store or My store used by the currently logged on user.

(3) "Behavior of Stored User Names and Passwords (Q281660)."

(4) "HOW TO: Manage Stored User Names and Passwords on a Computer That Is Not in a Domain in Windows XP (Q306541)."

(5) "HOW TO: Manage Stored User Names and Passwords on a Computer in a Domain in Windows XP (Q306992)."

(6) "How to create and use a password reset disk for a computer that is not a domain member in Windows XP (Q305478)."

