Recently Written

• How to read exim main log?
• How to Setup POP3 Account in Android Phone
• LINUX SERVER HARDENING + FIREWALL SERVICES
• Oracle VM VirtualBox – Share Folder
• Google Map not showing up in IE9
• Country identification based on IP address: downloading IPs database
• SEO : Paid vs. Organic Search
• How to stop receiving duplicate email messages
• Using “Ping Plotter” to trace network of Slow / Unable to Access Server
• Malaysia Server Comparision
• The Benefits of doing business online
• How to keep the Facebook like button’s language
• JavaScript SDK description
• What’s Website? How can a website help in your business by using Google MAP?
• Unexpected error bring a programmer into nightmare…!buuut FUN!
• BigDump: Staggered MySQL Dump Importer
• Slow Network Connection from Local Malaysia Users 1st, July 2011
• SEO advice: url canonicalization
• Oracle Vb.Net
• Facebook FAN PAGE – Account Veritifcation Code

Categories

• About Us
  • Joomla! Website DIY
  • Maple News
  • Social Activities & News
• Computer Software
  • Software Application
  • Software Development
• Others
  • Business Resources
  • CyberLaw
• Website Marketing
  • Domain & Server Hosting
  • E-Commerce
  • Email Marketing
  • Internet Technology
  • Online Advertisement
  • Search Engine Optimization (SEO)
  • Security Issue
  • Social Media Strategy

Archives

• November 2011
• October 2011
• September 2011
• August 2011
• July 2011
• June 2011
• May 2011
• April 2011
• March 2011
• January 2011
• December 2010
• November 2010
• October 2010
• September 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009

Blogroll

• Business Email - Corporate Business Email Solution
• Container Malaysia - Cabin & Container Manufacturer
• Ergonomic Backpack - Ergonomic Healthy Backpack
• Hydraulic Components - Standco Hydraulic Components
• Joomla! Malaysia - Joomla! Website DIY Toolkit
• Malaysian Speaker Association - MSA Convention sponsor by Jim Industries
• Website Marketing - The 1st Website Marketing Strategies Consultant for SMEs
• Whole Sales King - #1 Online Shopping in Malaysia
• 北海斗母宫 - 北海斗母宫 sponsor by Jim Industries

Admin

• Log in
• Wordpress
• XHTML

Digital certificates use public key cryptography, which is a form of cryptography that uses two keys called a matched keypair. The matched keypair consists of a private key, which is known only to the owner of the keypair, and a public key, which is available to anyone.

The components of the matched keypair are related mathematically so that the encrypted text created using one component of the keypair can be decrypted by using only the other component of the keypair.

You obtain a signed certificate by sending a certificate signing request signed with your private key and containing your public key to a trusted certificate authority, which sends back a signed certificate containing your public key and signed with their private key.

Note: Digital certificates expire after a predetermined period of time. When they expire, HTTPS connection requests to your Web servers are rejected, and certificate-based cXML document authentication fails. You are responsible for renewing your certificates in a timely manner.

Client and Server Certificates

There are two types of digital certificates:

• server certificates, used for SSL, which is required for accepting HTTPS connection requests. These certificates are also called Web server certificates, secure server certificates, and secure server IDs. For more information about HTTP, see “HTTPS Connections” on page 26.
• client certificates, used for “certificate based cXML document authentication.”
  For more information about cXML authentication, see “cXML Document Authentication” on page 27.
  You can use a single certificate as both a server and a client certificate, depending on the information the certificate authority includes:
  • If X.509v3 or Netscape extended key usage sections are present, the certificate cannot be used for any purpose not specified by the certificate (for example, server or client).
  • If X.509v3 or Netscape extended key usage section are not present, the certificate can be used for any purpose (including server and client).

If you plan to use a single certificate for both SSL and certificate based authentication, ask your certificate authority to issue one that is both a server and a client certificate.

Trusted Certificate Authorities

When you purchase a signed digital certificate, it must refer to an organization that is trusted by Ariba Network. You can use a digital certificate issued by any issuing organization, however it must reference a root certificate from a trusted Certificate Authority. The trusted Certificate Authorities are:

• ABAecom
• AddTrust
• American Express
• ANX Network
• Belgacom
• BelSign
• Deutsche Telekom AG
• Digital Signature Trust Co.
• Entrust
• Equifax
• GlobalSign
• GoDaddy
• GTE CyberTrust
• National Retail Federation
• Thawte
• TrustCenter
• United Parcel Service
• U.S. Department of Defense
• ValiCert
• VeriSign

Encryption Strength
Ariba recommends use of 128-bit encryption or greater.

Common encryption strengths are 40, 56 and 128 bits; The greater the encryption bit width, the stronger the encryption, and the more secure the SSL connection.

Note that “128-bit certificates” are not necessary to support 128-bit encryption. Most “40-bit certificates” support 128-bit encryption or greater. “128-bit certificates” enable server-gated cryptography, which Ariba Network does not use. In most cases, you can use less expensive “40-bit certificates”; consult with your certificate authority about supported encryption strengths.

Domain Name in Server Certificates
The CN (Common Name) field in server certificates for HTTPS must be a fully qualified DNS domain name of a Web server. For example, www.workchairs.com.

You must enter the same name in the transactive URL fields the Configuration area of your Ariba Network account and the name contained in your cXML ProfileResponse. Do not use IP addresses, because you cannot enter IP addresses in your Ariba Network account.

Use a separate certificate for each DNS name that clients will attempt to connect to. Certificate names do not specify Web server ports, so multiple Web server instances on different ports can use the same certificate. However, multiple Web servers cannot share a single certificate.