Symmetric Key Algorithms
17. Validating a Certificate
Validating a certificate is the responsibility of the end user, who must decide whether the certificate presented is valid. In practice, the user's software usually performs the check.
The process for validating a certificate includes the following steps.
Compare the CA that signed the certificate to the CA in the receiver's computer
Calculate a message digest for the certificate
Use the CA public key to decrypt the signature and recover the message
Review validity dates
Review identification information
Compare encrypted and decrypted message to prove integrity
Check revocation list for certificates
There are two techniques for checking whether a certificate has been revoked. The first is the certificate revocation list (CRL), which a CA issues periodically and which contains the serial numbers of certificates that are invalid. The second is an online check called the Online Certificate Status Protocol (OCSP). OCSP is a protocol that browser software uses to query a CA dynamically for the revocation status of a certificate.
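The validation steps listed above, as an added example that is not part of the original page: a simplified certificate (a Python dict, not X.509) signed with textbook RSA without padding, then checked against a trust store and a CRL. The CA name, toy key, serial numbers and host names are constructed for illustration, and the function names are this example's own.

```python
import hashlib
from datetime import datetime, timezone

# Constructed toy CA key built from two public Mersenne primes (illustration only).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
TRUST_STORE = {"Example Root CA": (N, E)}  # CA name -> public key on the receiver's computer
CRL = {1003}                               # constructed list of revoked serial numbers
FIELDS = ("issuer", "subject", "serial", "not_before", "not_after")

def digest(cert):
    """Message digest over the signed fields (everything except the signature)."""
    tbs = "|".join(str(cert[k]) for k in FIELDS)
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big")

def issue(subject, serial, not_before, not_after):
    """CA side, used here only to build sample input: sign the digest with the private key."""
    cert = {"issuer": "Example Root CA", "subject": subject, "serial": serial,
            "not_before": not_before, "not_after": not_after}
    cert["signature"] = pow(digest(cert), D, N)
    return cert

def validate(cert, expected_subject, now):
    """Return 'valid' or the name of the first check that failed."""
    ca_key = TRUST_STORE.get(cert["issuer"])        # signing CA vs. CAs the receiver trusts
    if ca_key is None:
        return "untrusted issuer"
    n, e = ca_key
    recovered = pow(cert["signature"], e, n)        # CA public key recovers the signed digest
    if recovered != digest(cert):                   # compare with the freshly computed digest
        return "bad signature"
    if not cert["not_before"] <= now <= cert["not_after"]:   # validity dates
        return "outside validity period"
    if cert["subject"] != expected_subject:         # identification information
        return "identity mismatch"
    if cert["serial"] in CRL:                       # revocation list
        return "revoked"
    return "valid"

if __name__ == "__main__":
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    end = datetime(2025, 1, 1, tzinfo=timezone.utc)
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    cert = issue("www.example.test", 1001, start, end)
    print(validate(cert, "www.example.test", now))
    print(validate(dict(cert, serial=1002), "www.example.test", now))
```

Changing any signed field after issuance, as the second call does with the serial number, makes the recomputed digest differ from the one recovered from the signature, so the integrity comparison fails.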