Understanding common secure communication-related terminology

As you prepare to set up secure communication of OpenEdge Management and OpenEdge Explorer data, you should be familiar with the following terms.
Data encryption
A method of translating data into a code that is indecipherable without a special key or password. The sender of the data encrypts it, and the receiver of the data decrypts it.
Encrypted data is also known as cipher text.
SSL handshake
A communication that allows the server to identify (authenticate) itself to the client by sending a certificate. The client uses the certificate to verify that the sender is who it claims to be.
Public and private key pair
The combination of a sender's public key, which is common knowledge, and a private key, which is known only by the recipient of an Internet communication. For example, if a server wants to send a secure communication to a client, the server uses the private key to encrypt the contents of the message. The client then uses its public key to decrypt the encrypted message.
Keystore
A database that functions as a repository for the certificates and keys.
Keytool
A key and certificate management utility, developed by Sun Microsystems, that allows you to administer your own private/public key pairs and associated certificates. You then use these keys and certificates for self-authentication (in which you authenticate yourself to other users or services) using digital signatures.
X.509
A commonly used standard for defining digital certificates.
Certificate
An attachment included in a network communication for the purposes of security. A certificate allows the recipient of the communication to verify that the sender is as claimed and allows the recipient to return to the sender an encrypted response.
A certificate is issued by a Certificate Authority (CA).
Each certificate is a dated entity that has a limited lifespan. A typical certificate is issued for a year; however, a trial certificate will likely be valid for a shorter period of time, perhaps for fourteen days.
You can typically obtain a 14-day trial certificate from a certificate/security company such as Verisign (http://www.verisign.com).
Certificate Authority
A provider of encrypted digital certificates. The CA signs the certificate request and chains it to its root certificate.
Root certificate
A certificate that identifies the Certificate Authority. A root certificate is self-signed, meaning it does not chain to another certificate to establish trust. If a certificate user, such as a browser, does not recognize a particular certificate, it walks the chain for a parent that it does know, until it reaches the root.
Digital signature
A signature on a certificate from a trusted Certificate Authority.
procertm utility
A utility you can use to add any Certificate Authority's root certificate to the trend trust keystore, if the root certificate is not already there. You can also use the procertm utility to convert digital certificates between certificate file types (.der and .pem).
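The chain walk described under "Root certificate", combined with the limited lifespan described under "Certificate", as an added example that is not OpenEdge code. It is a simplified model: the certificate names, dates and the `walk_chain` function are constructed for illustration, and the signature check that real X.509 validation performs at every link is left out.

```python
from datetime import date

# Constructed sample data. Each entry models only the fields the walk needs;
# real X.509 validation also verifies every signature with the issuer's key.
ROOT, ISSUING = "CN=Example Root CA", "CN=Example Issuing CA"
CERTS = {
    "CN=oem.example.test": {"issuer": ISSUING,
        "not_before": date(2024, 1, 1), "not_after": date(2024, 12, 31)},
    "CN=trial.example.test": {"issuer": ISSUING,       # 14-day trial certificate
        "not_before": date(2024, 3, 1), "not_after": date(2024, 3, 15)},
    ISSUING: {"issuer": ROOT,
        "not_before": date(2020, 1, 1), "not_after": date(2030, 1, 1)},
    ROOT: {"issuer": ROOT,                              # self-signed
        "not_before": date(2015, 1, 1), "not_after": date(2035, 1, 1)},
}

def walk_chain(subject, certs, trust_store, today):
    """Walk issuer links from `subject` until a trusted certificate is found.

    Returns (trusted, path, reason)."""
    path, current = [], subject
    while True:
        if current in path:
            return False, path, "issuer loop"
        cert = certs.get(current)
        if cert is None:
            return False, path, "missing certificate: " + current
        path.append(current)
        if not cert["not_before"] <= today <= cert["not_after"]:
            return False, path, "outside validity period: " + current
        if current in trust_store:
            return True, path, "chains to trusted certificate: " + current
        if cert["issuer"] == current:
            return False, path, "root not in trust store: " + current
        current = cert["issuer"]

if __name__ == "__main__":
    for name in ("CN=oem.example.test", "CN=trial.example.test"):
        print(name, walk_chain(name, CERTS, {ROOT}, date(2024, 3, 20)))
    print(walk_chain("CN=oem.example.test", CERTS, set(), date(2024, 3, 20)))
```

The last call fails with "root not in trust store", which is the situation the procertm utility addresses by adding the CA's root certificate to the trust keystore.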