PowerTCP Sockets for .NET
Security Overview



What is a digital certificate?

Authentication is important for secure communications. Users must be able to prove their identity to the entities they are communicating with. In addition they must be able to verify the identity of the entity communicating with them. This is accomplished by presenting or verifying some form of trusted credentials.

A digital certificate is a common credential that provides authentication. A trusted organization, called a Certificate Authority (CA), assigns a certificate to a user or entity and the user or entity then uses the certificate to prove itself to the other side. A system may be configured your to accept any number of Certificate Authorities. Complete the following steps to access the Certificates dialog box:

  1. In the Control Panel, select Internet Options.
  2. Select the Content tab, and then click Certificates.

Where do I get a certificate?

Certificates must come from a trusted CA. A user submits a certificate request to a CA and the CA returns a certificate for the user to use. Listed below are some Certificate Authorities:

A digital certificate is always required for an application to operate as a secure server. A digital certificate is only required on the client if the server requests authentication.


How does the authentication process work?

  1. The client normally initiates the TCP connection. PowerTCP components make this connection, send a "client hello" message, and automatically respond to authentication requests received from the server.
  2. The server accepts the connection initiated by the client, constructs its digital credentials, and sends its credentials to the client.
  3. Optionally, the server may send an authentication request to the client.
  4. The client receives the server's credentials, verifies them against the CAs it is configured to trust, and responds with its own credentials if an authentication request is received.
  5. If the client and server cannot negotiate a mutually acceptable security protocol, an error is generated and the connection is closed.
  6. If the client cannot validate the server's credentials, an error is generated and the client closes the connection.
  7. If the server cannot validate the client's credentials (if requested), an error is generated and the server closes the connection.
  8. Once protocol negotiation and authentication is successful, secure encryption/decryption is performed on all data passing over the connection.
  9. The session is terminated when one side closes the connection.

What is a certificate store?

A certificate store is a location on the system (memory, disk, registry, etc.) where certificates are stored for use. There are three major system stores and other minor stores. The three major stores are:

There are other certificate stores. For example, the store "SPC" contains software publisher's certificates.


What are the system store and the machine store?

The system store is the certificate store located in the HKEY_CURRENT_USER registry key. The machine store is the certificate store located in the HKEY_LOCAL_MACHINE registry key. Applications installed as a service should store their certificates in the machine store since there is no current user when running as a service.


What is the X500 naming convention?

This is a format for creating a distinguished name. The different parts of the name are described below:

Here are some examples of X500 names:


See Also

Reference


PowerTCP Sockets for .NET Documentation Version 6.1
© 2023 Dart Communications. All Rights Reserved.
Send comments on this topic