Unlock Digital Signature Legitimacy for Sick Leave Policy in Mexico

How to eSign a document: digital signature legitimacy for Sick Leave Policy in Mexico

hi I'm Mike Chappell and in this cert mic explains video we're going to talk about how we can create and use digital certificates to securely exchange public encryption keys let's begin with a quick review of what digital certificates do in the first place and then we'll talk about how you create a new one let's say that Alice wants to obtain a new digital certificate Alice first creates a public-private key pair for the encryption algorithm of her choice she then creates a message called a certificate signing request or CSR the CSR contains Alice's public key as well as Alice's name and other identifying information such as an email address or server name Alice then sends the CSR to the certificate authority of her choice this might be an independent organization that's trusted by many people around the world or it might be a private certificate Authority operated for use within her organization when the certificate Authority receives the CSR it first takes whatever action is necessary to validate the identity of the requester it is the ca's responsibility to perform sufficient identity verification to put its own seal of approval on the certificate now this is in the ca's best interest because if a CA starts issuing invalid certificates people will stop trusting that CA and that CA is going to find itself out of business pretty quickly now once the ca is satisfied that the sender is legitimate it removes the public key and identity information from the CSR and puts it into the format of an x.509 certificate the ca then uses its private key to place the ca's digital signature on the digital certificate and sends that certificate back to the requester the requester can then provide the certificate to anyone who wants to communicate with them these third parties can verify that the certificate is valid by simply checking that the ca's digital signature on the certificate is valid if the signature is correct third parties know that they can use the public key contained in the certificate to communicate with the entity identified on the certificate the certificate created by the ca includes several different certificate attributes of course it includes the certificate subject's public key as well as an expiration date it also includes the CN or common name attribute this is the identity secured by the certificate for example in the digital certificate for my website that you see here the common name is .certmike.com now that you know how to create a digital certificate I like to spend a little time talking about the different file formats used for certificates but before I do that I just want to take a moment to invite you to visit my website at certmike.com on that site I have free study plans put together to help you earn your next certification the plans tie together the content that you'll find in study guides video courses and practice tests to help you prepare for your next certification exam and pass that test on the first try also if you're enjoying this shirt Mike explains video please take a moment to click the like button below to help other people discover it if you subscribe to my channel you'll be among the first to see my new cyber security videos when they come out digital certificates come in a wide variety of different formats both binary and text-based let's take a look at some common certificate formats the most common format is the distinguished encoding rules or der format this is a binary certificate format so it appears like the nonsense that you see on the side of the screen if you try to view the certificate der certificates are normally stored in files with the dot der dot CRT or dot CER extensions the pem certificate format is closely related to the Der format pem stands for privacy enhanced mail an older secure email standard that's no longer used but we still use the certificate format from that standard today for other purposes pem certificates are ASCII text versions of der certificates such as the one shown here and that's a lot more readable than the binary version you can easily convert between binary der certificates and text-based pem certificates using tools like openssl pem certificates are normally stored in files with the dot pem or dot CRT file extensions now you might have picked up on the fact that the dot CRT file extension is used for both binary der files and text pem files that's very confusing and you should remember that you can't tell whether a CRT certificate is binary or text without actually looking at the contents of the file personal information exchange or pfx format is another standard format for certificates and the certificates are maintained in binary form again appearing like nonsense like the pfx certificate shown on the side of the screen here this format is commonly used by Windows systems pfx certificates typically have either dot pfx or dot p12 file extensions you can also store pfx certificates in a text form using the p7b format this is an ASCII text equivalent for pfx certificates just like pem is an ASCII alternative for der certificates as with pfx certificates you'll commonly find p7b certificates in use on Windows systems and using the p7b file extension now that's a lot of acronyms on file formats and it can be confusing here's a handy summary table that captures all the information that you'll need to know about these certificates when you prepare for your exam you might want to pause the video for a minute here and study this table I hope this video helped you better understand digital certificates if it did please click the like button below and subscribe to my channel for more it certification content [Music] foreign