It is a trivial task for a user to generate a structurally sound X.509
certificate and use it to negotiate mutually authenticated connections
to publicly available services. Clearly, this scenario is a security
nightmare for IT administrators: you cannot allow every user to
generate their own certificate and use it on the Internet.
For this reason, the Enterprise Gateway can establish the authenticity of the client
certificate by ensuring that the certificate originated from a trusted
source. To do this, a server can perform a
certificate chain check on the client certificate.
The main purpose of certificate chain validation is to ensure that a
certificate has been issued by a trusted source. Typically, in a
Public-Key Infrastructure (PKI), a Certificate Authority (CA) is
responsible for issuing and distributing certificates. The whole
infrastructure is based on the premise of transitive
trust—if everybody trusts the CA, everybody transitively
trusts the certificates issued by that CA. If entities only trust
certificates that have been issued by the CA, they can reject
certificates that have been self-generated by clients.
When a CA issues a certificate, it digitally signs the certificate with
its own private key and records its own identity in the certificate's
Issuer field (normally together with an Authority Key Identifier that
names the CA key used). The issued certificate, the certificate of the
CA that signed it, and so on up to a self-signed root CA certificate,
together form the certificate chain. Whenever an application (such as
the Enterprise Gateway) receives a client certificate, it can locate the
issuing CA certificate (from the CA certificates it already holds, or
from any intermediate CA certificates the client sent along with its
own), verify the signature on the client certificate with that CA's
public key, and repeat the check up the chain to determine whether the
chain ends at a CA it trusts. If it trusts that CA, it also trusts the
client certificate.
The Enterprise Gateway maintains a repository of trusted CA
certificates, known as the Certificate Store. To trust a certain CA,
that CA certificate must be imported into the Certificate Store. Only
certificates in the store act as trust anchors: a CA certificate that a
client merely sends along with its own certificate can be used to build
the chain, but it does not become trusted simply because it was
presented.