The meanings of the abbreviations before each equal sign are as follows:
- uid: user ID
- e: e-mail address
- cn: the user's common name
- o: organization
- c: country
The user's public key and everything contained within the fields of an X.509 public key certificate -- including the DN -- is encrypted with the private key of the CA. Anyone who has access to a copy of the CA's certificate can verify the authenticity of the user's certificate by decrypting the user's DN with the public key contained in the CA's certificate. This verification method means that the information within a certificate cannot be altered, because if it is, the CA's signature will be invalidated. When someone sends a digitally signed e-mail, it contains a digital certificate. If there is a problem with the certificate, the e-mail program will send an alert.
To verify whether the digital certificate used is still valid, send a request for certificate information to the appropriate CA. The CA will send back information on the status of the certificate, including whether it has been revoked. Outlook Express has this feature. To enable it, go to the "Advanced" section of the "Security" tab in the "Options" settings. This automatically sends a request to the CA for information about the digital certificate when you open a signed message.
Dig deeper on PKI and Digital Certificates
Related Q&A from Michael Cobb
Today's powerful smartphones can sometimes spread viruses to the corporate network. Learn how it can happen and how to prevent it.continue reading
Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your ...continue reading
Users in the enterprise may unknowingly be exposed to 'Gchat' security risks. Expert Michael Cobb discusses Internet application security best ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.