The meanings of the abbreviations before each equal sign are as follows:
- uid: user ID
- e: e-mail address
- cn: the user's common name
- o: organization
- c: country
The user's public key and everything contained within the fields of an X.509 public key certificate -- including the DN -- is encrypted with the private key of the CA. Anyone who has access to a copy of the CA's certificate can verify the authenticity of the user's certificate by decrypting the user's DN with the public key contained in the CA's certificate. This verification method means that the information within a certificate cannot be altered, because if it is, the CA's signature will be invalidated. When someone sends a digitally signed e-mail, it contains a digital certificate. If there is a problem with the certificate, the e-mail program will send an alert.
To verify whether the digital certificate used is still valid, send a request for certificate information to the appropriate CA. The CA will send back information on the status of the certificate, including whether it has been revoked. Outlook Express has this feature. To enable it, go to the "Advanced" section of the "Security" tab in the "Options" settings. This automatically sends a request to the CA for information about the digital certificate when you open a signed message.
Dig deeper on PKI and Digital Certificates
Related Q&A from Michael Cobb
A reported 43% of Microsoft XML users are running vulnerable versions of the software. Security expert Michael Cobb discusses how to mitigate the ...continue reading
Security expert Michael Cobb explains what Open Authorization or OAuth 2.0 is, its pros and cons, and how it is different from bring your own ...continue reading
While the fundamentals of securing an e-commerce website haven't changed in a few years, there are new threat vectors and security risks to be aware ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.