copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » AusCERT PKI ... » AusCERT CS Certificate Types and Use Cases
 

AusCERT CS Certificate Types and Use Cases
Date: 30 November 2011

Click here for printable version

Certificate Types and Usage

The AusCERT CS provides access to the following certificate types.

SSL/TLS

SSL/TLS certficate are used for web servers or other hosts. It allows for mutual authentication by client and server. More typical implementations provide server authentication, by allowing a client to verify the authenticity of the server.

In addition, it provides confidentiality and integrity of the data sent in transit, through cryptographic mechanisms.

SSL certificates should be used where ever there is sensitive data that needs to be sent over an insecure nework (where confidentiality is required); and/or where there is a risk that the data may be modified in transit (integrity protection); and/or to prevent client hosts or other relying parties from being fooled to exchanging sensitive information with a fraudulent party that impersonates the legitimate server.

The following SSL/TLS certificates are offered through the CSM:

    Standard SSL/TLS Certificate

  • A standard SSL/TLS certficate is normally used to secure a single web site. When selecting a standard SSL certificate within the CSM, the common name (CN) must be a FQDN. The certificate issued may include a subject alternate name (SAN) if the CN does not begin with www. Note: If a standard AusCERT SSL Certificate is selected, any SAN entries in the supplied CSR will ignored.

    This is the type you should choose for most situations.

    Wildcard SSL/TLS Certificate

  • Wildcard SSL/TLS certficates can be used to used to secure any number of sub-domains (host names), without needing to specify each one. A wildcard certificate will also match the base domain.

    • An example of a wildcard match is as follows.

    *.example.edu.au will match:

    example.edu.au
    business.example.edu.au
    chem.example.edu.au

    but not any of the following:

    www.business.example.edu.au
    www.chem.example.edu.au

    Multi-domain SSL/TLS Certificate

  • A multi domain certificate (MDC) is normally used to secure a group of specific web sites. A combination of fully qualified domain names (FQDN) and wildcard domains may be specified in an MDC, but the CN must not include a wildcard domain. Alternate names, including wildcard domains, may be supplied in the SAN for the certificate. SAN entries may also contain email addresses, IP addresses, hostnames, etc

    When ordering a multi-domain SSL certificate from the CSM, you must select the correct certificate type (AusCERT Multi Domain SSL) from the drop-down menu.

    • SGC Certificates

  • A server gated cryptography (SGC) certificate upgrades the encryption capabilities of older browsers from 40-bit encryption into full 128 or 256-bit encryption. This means your web site protects and is trusted by the highest number of internet users possible, even those using older versions of Windows and Internet Explorer.

    • UC Certificates (Microsoft Exchange)

  • Unified communications certificates (UCC) are used with Microsoft Exchange and are similar to MDC, but also include uses for telephony and other communications. SAN entries may contain email addresses, IP addresses, hostnames, etc. For more details see Comodo 2048 bit SSL certificates.

    • IdP/SP SSL and IdP/SP SGC Certificates

  • Identity provider (IdP) certificates are restricted for use in federated ID applications as part of the Australian Access Federation. For more information see the Australian Access Federation.

    • Intranet SSL/TLS Certificates

  • Intranet certificates are suitable for internal network servers and hosts. Their use is limited to private ranges of IP addresses and names (non-FQDN). Examples:

    example
    192.168.1.1
    10.1.0.1

    For more information about what host names and addresses are permissible for use in an Intranet environment, refer to the Comodo guide of acceptable internal domain names.

    EV SSL/TLS Certificates

  • Extended validation (EV) certificates provide higher levels of assurance to relying parties that the organisation that appears in the certificate owns the specified domain. EV SSL certificates, where valid turn the address bar green; or red when invalid (TBA) to provide additional visual clues to the relying party as to whether the certificate can or should be trusted.

  • While participant organisations may order, request, and manage the life cycle of the EV SSL through the CSM, please note that EV SSL certificates are not covered by the AusCERT and PO agreement. Rather a separate agreement between the PO and Comodo is required and will incur a separate charge. The agreement is presented to the requester online, when the EV SSL is ordered. Comodo will invoice AusCERT on behalf of the PO and AusCERT, in turn, will issue an invoice for any EV SSL certificates ordered via the CSM. Please see the price schedule for details.

  • EV SSL certificates can be used for financial transactions. Extended validation is available for the following types of AusCERT certificates:

    1. EV SSL single domain

    2. EV SSL multi domain certificate (MDC)

    3. EV SSL Server Gated Cryptography (SGC) single domain

    For more details see Comodo 2048 bit SSL certificates.


Comments? Click here http://www.auscert.org.au/render.html?cid=11262&it=15139