Forgive me for droning on about this. I just did that certificate class for NewEra and this stuff is on my brain.

> the CA vouches that your public key belongs to the
> entity that once called itself "Charles Mills"

As I said, not exactly. One of the reasons certificates can be so confusing is that they accomplish two largely unrelated tasks (I am speaking of end entity certificates, "server certificates" here):

- The one that gets much of the attention is really the less interesting part: setting up the data encryption for the session. The public key in the certificate is the first step in that process. That is what it is used for. It does not "prove" anything to the user.

- The more critical task IMHO is proving to the user that she is actually talking to the URL she intended to talk to: that her session is really, truly with Bank of America and not with some man-in-the-middle pretending to be Bank of America. That's why the CA's validation that the folks they are issuing the certificate to are really who they claim to be is so critically important.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin
Sent: Monday, August 31, 2020 7:47 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: setting up CSSMTP to use TLS-SSL

On Mon, 31 Aug 2020 06:31:12 -0700, Charles Mills wrote:

>A self-signed certificate *is* a root certificate -- the two terms are
>essentially synonymous (although they are used with different implications).
>If the SMTP server is presenting a self-signed certificate then it effectively
>is its own CA certificate, and you will have to install it in RACF.
>
What does "self-signed certificate" mean? Who should trust one? I'm imagining, in the extreme, a certificate self-signed by Guccifer 2.0.

What is the trail of authentication? I understand you have a cert. What did you need to do to authenticate yourself to the CA? Is it merely that the CA vouches that your public key belongs to the entity that once called itself "Charles Mills" and paid with a credit card?