What is a security certificate?
A security certificate is a small text file that is part of a third-party generated public key infrastructure (PKI) to help guarantee the identity of both the user logging on and the web site where they are logging in.
A certificate includes identifying information such as the company and location information for the web site, as well as the third-party company name, the expiry date of the certificate, and the public key.
FortiGate units use X.509 certificates to authenticate single sign-on (SSO) for users. The X.509 standard has been in use since before 2000, but has gained popularity as the Internet itself has become more popular. X.509 v3 is defined in RFC 5280 and specifies standard formats for public key certificates, certificate revocation lists, and a certification path validation algorithm. The unused earlier X.509 version 1 was defined in RFC 1422.
The main difference between X.509 and PGP certificates is who may sign: in PGP anyone can sign a certificate, whereas in X.509 only a trusted authority can sign certificates. This limits the source of certificates to well-known and trustworthy sources. Where PGP is well suited for one-to-one communications, the X.509 infrastructure is intended to be used in many different situations including one-to-many communications. Some common filename extensions for X.509 certificates are listed below.
Common certificate filename extensions
| Extension | Format | Description |
|---|---|---|
| .pem | Privacy Enhanced Mail (PEM) | Base64 encoded DER certificate, that uses: “-----BEGIN CERTIFICATE-----” and |
|  | Security Certificate | Usually binary DER form, but Base64-encoded certificates are common too. |
|  |  | Structure without data, just certificates or CRLs. PKCS#7 is a standard for signing or encrypting (officially called “enveloping”) data. |
| .p12 | PKCS#12 | May contain certificate(s) (public) and private keys (password protected). |
| .pfx | personal information exchange (PFX) | Older format. Came before PKCS#12. Usually today data is in PKCS#12 format. |
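Because the table notes that the same extension can hold either binary DER or Base64 (PEM) data, a file's encoding is best decided from its content rather than its name. The following is an added example, not Fortinet code: the function names `sniff` and `der_total_length` are hypothetical, and the sample bytes are a constructed minimal DER structure, not a real certificate.

```python
import base64
import binascii
import re

# PEM armor: BEGIN/END lines with a matching label around Base64 text.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 #]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

def der_total_length(data):
    """Length the outer DER SEQUENCE claims to occupy, or None if malformed."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = constructed SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:                          # short form: length in one byte
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:  # indefinite length is not DER
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def sniff(data):
    """Return (encoding, pem_label, der_bytes) judged from content only."""
    m = PEM_RE.search(data)
    if m:
        try:
            der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except binascii.Error:
            return ("unknown", None, None)
        if der_total_length(der) != len(der):  # armor present, payload damaged
            return ("unknown", None, None)
        return ("PEM", m.group(1).decode(), der)
    if der_total_length(data) == len(data):    # exact fit, no trailing bytes
        return ("DER", None, data)
    return ("unknown", None, None)

# Constructed sample: SEQUENCE { INTEGER 1 }, wrapped in PEM armor below.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("server.cer", SAMPLE_PEM), ("server.pem", SAMPLE_DER)]:
        print(name, "->", sniff(blob)[:2])
```

This only distinguishes the encoding; PKCS#7 and PKCS#12 files are also DER structures, so telling those apart requires parsing the contents further.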