Introduction to Certificates and SSL

5. Assign a security role to users in the realm.

To assign a security role to a user, add a security-role-mapping element to the deployment descriptor that you modified in Step 4.

The following example shows a security-role-mapping element that assigns the security role Employee to user Calvin.

<security-role-mapping>
    <role-name>Employee</role-name>
    <principal-name>Calvin</principal-name>
</security-role-mapping>

Introduction to Certificates and SSL

The following topics are discussed in this section:

“About Digital Certificates”

“About Secure Sockets Layer”

About Digital Certificates

Digital certificates (or simply certificates) are electronic files that uniquely identify people and resources on the Internet. Certificates also enable secure, confidential communication between two entities.

There are different kinds of certificates, such as personal certificates, used by individuals, and server certificates, used to establish secure sessions between the server and clients through secure sockets layer (SSL) technology. For more information on SSL, see “About Secure Sockets Layer”.

Certificates are based on public key cryptography, which uses pairs of digital keys (very long numbers) to encrypt, or encode, information so it can be read only by its intended recipient. The recipient then decrypts (decodes) the information to read it.

A key pair contains a public key and a private key. The owner distributes the public key and makes it available to anyone. But the owner never distributes the private key; it is always kept secret. Because the keys are mathematically related, data encrypted with one key can be decrypted only with the other key in the pair.

A certificate is like a passport: it identifies the holder and provides other important information. Certificates are issued by a trusted third party called a Certification Authority (CA). The CA is analogous to a passport office: it validates the certificate holder's identity and signs the certificate so that it cannot be forged or tampered with. Once a CA has signed a certificate, the holder can present it as proof of identity and to establish encrypted, confidential communications.
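The CA model described above can be tried with the OpenSSL command line. This is an added example, not part of the guide: it has a CA sign a server certificate, then shows that a certificate signed by a different key pair using the same CA name is rejected. It assumes the `openssl` CLI is installed; the names `Demo CA` and `server.example.test` and all file names are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the guide). All names and files are constructed.

# make_ca DIR NAME: create a CA key pair and a self-signed CA certificate.
# Every CA made here uses the same subject name, "Demo CA", on purpose.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue DIR CA NAME: create a key pair and a signing request for the server,
# then have CA sign the request with its private key to produce NAME.pem.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# trusted CAFILE CERT: succeed only if CERT verifies against the trusted CA
# certificate, that is, if it was signed with that CA's private key.
trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" ca    && issue "$d" ca server    # genuine CA and certificate
  make_ca "$d" rogue && issue "$d" rogue fake   # same CA name, different keys
  if trusted "$d/ca.pem" "$d/server.pem"; then
    echo "server.pem: signed by the trusted CA, accepted"
  fi
  if ! trusted "$d/ca.pem" "$d/fake.pem"; then
    echo "fake.pem: names match but the signature does not, rejected"
  fi
  rm -rf "$d"
}

demo
```

The private keys (`*.key`) never leave the temporary directory; only the certificates, which contain the public keys, are passed to `openssl verify`.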


Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008

Sun Microsystems 820433510 manual Introduction to Certificates and SSL, About Digital Certificates