The meanings of the abbreviations before each equal sign are as follows:
- uid: user ID
- e: e-mail address
- cn: the user's common name
- o: organization
- c: country
The user's public key and everything contained within the fields of an X.509 public key certificate -- including the DN -- is encrypted with the private key of the CA. Anyone who has access to a copy of the CA's certificate can verify the authenticity of the user's certificate by decrypting the user's DN with the public key contained in the CA's certificate. This verification method means that the information within a certificate cannot be altered, because if it is, the CA's signature will be invalidated. When someone sends a digitally signed e-mail, it contains a digital certificate. If there is a problem with the certificate, the e-mail program will send an alert.
To verify whether the digital certificate used is still valid, send a request for certificate information to the appropriate CA. The CA will send back information on the status of the certificate, including whether it has been revoked. Outlook Express has this feature. To enable it, go to the "Advanced" section of the "Security" tab in the "Options" settings. This automatically sends a request to the CA for information about the digital certificate when you open a signed message.
Dig Deeper on PKI and Digital Certificates
Related Q&A from Michael Cobb
Address bar spoofing attacks can be detrimental to an organization. Expert Michael Cobb details several vulnerabilities and explains how to defend ...continue reading
Facebook added OpenPGP encryption to its messaging services to help improve messaging safety. Expert Michael Cobb explains the benefits of the ...continue reading
The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.