Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 777

• Server SSL certificates. Used to identify servers to clients via SSL (server
authentication). Server authentication may be used with or without client
authentication. Server authentication is a requirement for an encrypted SSL
session. For more information, see "SSL Protocol" on page 778.
Example: Internet sites that engage in electronic commerce (commonly known
as e-commerce) usually support certificate-based server authentication, at a
minimum, to establish an encrypted SSL session and to assure customers that
they are dealing with a web site identified with a particular company. The
encrypted SSL session ensures that personal information sent over the
network, such as credit card numbers, cannot easily be intercepted.
• S/MIME certificates. Used for signed and encrypted email. As with client SSL
certificates, the identity of the client is typically assumed to be the same as the
identity of a human being, such as an employee in an enterprise. A single
certificate may be used as both an S/MIME certificate and an SSL certificate
(see "Signed and Encrypted Email," which begins on page 778). S/MIME
certificates can also be used for form signing and as part of a single sign-on
solution.
Examples: A company deploys combined S/MIME and SSL certificates solely
for the purpose of authenticating employee identities, thus permitting signed
email and client SSL authentication but not encrypted email. Another company
issues S/MIME certificates solely for the purpose of both signing and
encrypting email that deals with sensitive financial or legal matters.
• Object-signing certificates. Used to identify signers of Java code, JavaScript
scripts, or other signed files. For more information, see "Object Signing," which
begins on page 780.
Example: A software company signs software distributed over the Internet to
provide users with some assurance that the software is a legitimate product of
that company. Using certificates and digital signatures in this manner can also
make it possible for users to identify and control the kind of access
downloaded software has to their computers.
• CA certificates. Used to identify CAs. Client and server software use CA
certificates to determine what other certificates can be trusted. For more
information, see "How CA Certificates Are Used to Establish Trust," which
begins on page 784.
Example: The CA certificates stored in Communicator determine what other
certificates that copy of Communicator can authenticate. An administrator can
implement some aspects of corporate security policies by controlling the CA
certificates stored in each user's copy of Communicator.
The sections that follow describes how certificates are used by Netscape products.
Appendix J Introduction to Public-Key Cryptography
Certificates and Authentication
777