PowerTCP Mail for .NET
Security Overview
Send comments on this topic.



Glossary Item Box

What is a digital certificate?

Authentication is important for secure communications. Users must be able to prove their identity to the entities they are communicating with. In addition they must be able to verify the identity of the entity communicating with them. This is accomplished by presenting or verifying some form of trusted credentials.

A digital certificate is a common credential that provides authentication. A trusted organization, called a Certificate Authority (CA), assigns a certificate to a user or entity and the user or entity then uses the certificate to prove itself to the other side. You may configure your system to accept any number of Certificate Authorities. Completing the following steps to access the Certificates dialog box:

  1. In the Control Panel, double-click Internet Options.
  2. Select the Content tab, and then click Certificates.

Where do I get a certificate?

Certificates must come from a trusted CA. A user submits a certificate request to a CA and the CA returns a certificate for the user to use. Listed below are some Certificate Authorities:

You always need a digital certificate installed to operate as a server. You only need a digital certificate installed on a client if the server requests authentication.

How does the authentication process work?

  1. The client normally initiates the TCP connection. The Connect method makes this TCP connection, sends a "client hello" message, and automatically responds to authentication requests received from the server.
  2. The server accepts the connection initiated by the client, constructs its digital credentials from the digital certificate referred to by the Server.Certificate Property, and sends its credentials to the client.
  3. Optionally, the server may also send an authentication request to the client.
  4. The client receives the server's credentials, verifies it against the CAs it is configured to trust, and responds with its own credentials if an authentication request is received.
  5. If the client and server cannot negotiate a mutually acceptable security protocol, an error is generated and the connection is closed.
  6. If the client cannot validate the server's credentials, an error is generated and the client closes the connection.
  7. If the server cannot validate the client's credentials (if requested), an error is generated and the server closes the connection.
  8. Once protocol negotiation and authentication is successful, secure encryption/decryption is performed on all data passing over the connection.
  9. The session is terminated when one side closes the connection.

What is a certificate store?

A certificate store is a location on the system (memory, disk, registry, etc.) where certificates are stored for use. There are three major system stores and other minor stores. The three major stores are:

There are other certificate stores. For example, the store "SPC" contains software publisher's certificates. For more information see the CertificateStoreName enumeration.

What are the system store and the machine store?

The system store is the certificate store located in the HKEY_CURRENT_USER registry key. The machine store is the certificate store located in the HKEY_LOCAL_MACHINE registry key. Applications installed as a service should store their certificates in the machine store since there is no current user when running as a service.

What is the X500 naming convention?

This is a format for creating a distinguished name. The different parts of the name are described below:

Here are some examples of X500 names:

Documentation Version 3.2
© 2010 Dart Communications. All Rights Reserved.