Windows Vista: The Complete Reference (Complete Reference Series)

Browsers store certificates , cryptographic data that can identify your computer to remote computers or vice versa. Certificates are issued by certificate authorities , each of which has its own certificate. Internet Explorer comes with about 30 authority certificates that you can use to check that the certificates presented to your computer by other sites are, in fact, issued by known certificate authorities. To provide secure communication with a remote web site, Internet Explorer uses Secure Sockets Layer (SSL) to provide a variation of the standard HTTP web protocol, called HTTPS . Web servers that use HTTPS are called secure servers.

You can also acquire a personal certificate to use to identify yourself when Internet Explorer or another browser contacts a web site. The most widely used authorities for personal certificates are VeriSign, at http://www.verisign.com, and Thawte (which is owned by VeriSign), at http://www.thawte.com. See RSA Data Security's list of questions and answers at its web site at http://www.rsasecurity.com/rsalabs/faq for more information about certificates.

New applets usually are digitally signed by their authors; that is, each applet includes certificate information that identifies the applet's author and verifies that the applet wasn't tampered with since the author signed it. Unfortunately, the cost of Microsoft's certification process means that many perfectly safe applets won't be signed and will trigger a warning message when you install them.

Browsing the Web Securely

Internet Explorer handles communication security by using SSL to encrypt messages sent to and from remote servers and by using certificates to verify who the party is at the other end of a connection. For example, you use this type of security when you place a credit card order with a web-based retailer that uses a secure web server. For the most part, SSL works invisibly , with all the security validation happening automatically.

You can tell whether the current page is secure in the following ways:

Whenever your browser opens an HTTPS connection to a server that supports SSL, the server presents a certificate to your computer. If the certificate is validated by one of the authority certificates known to your browser, and the name on the certificate matches the name of the web site, the browser uses the connection and displays web pages as usual. If either of those checks fails, the browser warns you and gives you the option to continue. You see a Security Alert or similar dialog box when your browser can't validate a remote site's certificate. If you trust the source of the file that you are downloading, you can tell Windows to continue and use the connection despite the warning.

Using Object Certificates when Downloading Files

Whenever Internet Explorer retrieves a web page that uses a hitherto unknown ActiveX control or Java applet, Internet Explorer checks to see whether your download security settings permit you to download it (see "Controlling Your Download Security" earlier in this chapter). If your settings don't permit the download, Internet Explorer warns you and doesn't download the file.

Unless a site is in the Trusted Sites zone (in which case Internet Explorer accepts the applet without question), Internet Explorer checks the certificate with which the program is signed and displays the Security Warning dialog box. You see who the signer is and who verified the signature. If the signer is someone you're inclined to trust, such as a large reputable organization or someone you know personally , click Yes to accept the applet. If you expect always to accept applets from this signer, click the Always Trust Content From This Signer's Name check box at the bottom of the dialog box to tell Internet Explorer not to ask about signatures from this signer in the future. (If you check the box and later change your mind, the list of signers you've checked is in the Internet Properties dialog box; click the Content tab and click Publishers to examine and change the list.)

Managing Certificates from Certificate Publishers

If you expect to download many programs (or display web pages that contain applets), you will end up with a collection of certificates with which Internet Explorer can verify the sources of the programs.

In Internet Explorer, choose Tools Internet Options to see the Internet Options dialog box. Clicking the Content tab and then the Publishers button displays the Certificates dialog box with the Trusted Publishers tab selected. The dialog box lists certificates for software publishers that you have told your browsers to trust. New certificates are added when you download authenticated software from the Internet. You can delete a certificate from this list by selecting it and clicking Remove.

Managing Your Personal Certificates

You can get your own certificate to identify yourself to secure remote web servers that demand user certificates for identification. See "Getting a Certificate" later in this chapter for how to get your own certificate for use both on the Web and in sending and receiving secure e-mail.

To see what personal certificates are installed in Internet Explorer, choose Tools Internet Options, click the Content tab, and click the Certificates button to display the Certificates dialog box with the Trusted Root Certification Authorities tab selected, shown in Figure 33-6. You see a list of the certificates you have installed on your computer that you can use to identify yourself.

Figure 33-6: The Certificates dialog box showing your own certificates.

If you receive a certificate and store it on your disk, click Import to read the certificate and include it on the list in this dialog box. Windows can read certificates stored in personal certificate files (with the extension .pfx). You can export a certificate and its associated information to a personal certificate file; select the certificate from the list in the Certificates dialog box and click Export.

Tip  

If you get a certificate in Internet Explorer, you can export it to a file and then import the certificate from that file into any other certificate-capable web browser (like Mozilla) or vice versa.

Other Internet Explorer Security Settings

A few additional security settings appear on the Advanced tab of the Internet Options dialog box (choose Tools Internet Options in Internet Explorer, click Advanced, and scroll down to the Security section of the list of settings, shown in Figure 33-7).

Figure 33-7: Additional security settings in Internet Explorer.

Категории