diff options
Diffstat (limited to 'l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml')
-rw-r--r-- | l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml | 491 |
1 files changed, 491 insertions, 0 deletions
diff --git a/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml b/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml new file mode 100644 index 0000000000..8eb9542c69 --- /dev/null +++ b/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml @@ -0,0 +1,491 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" + "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[ + <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" > + %brandDTD; +]> + +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Certificate Information and Decisions</title> +<link rel="stylesheet" href="helpFileLayout.css" + type="text/css"/> +</head> +<body> + +<div class="boilerPlate">This document is provided for your information only. + It may help you take certain steps to protect the privacy and security of + your personal information on the Internet. This document does not, however, + address all online privacy and security issues, nor does it represent a + recommendation about what constitutes adequate privacy and security + protection on the Internet.</div> + +<h1 id="certificate_information_and_decisions">Certificate Information and + Decisions</h1> + +<p>This section describes how to use various windows displayed at different times by + Certificate Manager. The additional information given here appears when you click + the Help button in one of those windows.</p> + +<div class="contentsBox">In this section: + <ul> + <li><a href="#certificate_viewer">Certificate Viewer</a></li> + <li><a href="#choose_security_device">Choose Security Device</a></li> + <li><a href="#encryption_key_copy">Encryption Key Copy</a></li> + <li><a href="#certificate_backup">Certificate Backup</a></li> + <li><a href="#user_identification_request">User Identification Request</a></li> + <li><a href="#new_certificate_authority">New Certificate Authority</a></li> + <li><a href="#website_certificates">Website Certificates</a></li> + </ul> +</div> + +<h2 id="certificate_viewer">Certificate Viewer</h2> + +<p>The Certificate Viewer displays information about a certificate you selected + in one of the Certificate Manager tabs. The General tab summarizes + information about who issued the certificate, its verification status, what + the certificate can be used for, and so on. The Details tab provides complete + details on the certificate's contents.</p> + +<p>If you are not currently viewing the Certificate Viewer, follow these + steps:</p> + +<ol> + <li>Open the <span class="mac">&brandShortName;</span> + <span class="noMac">Edit</span> menu and choose Preferences.</li> + <li>Under the Privacy & Security category, click Certificates. (If no + subcategories are visible, double-click Privacy & Security to expand + the list.)</li> + <li>Click Manage Certificates.</li> + <li>Click the tab for the type of certificate whose details you want to + view.</li> + <li>Select the certificate whose details you want to view.</li> + <li>Click View.</li> +</ol> + +<div class="contentsBox">In this section: + <ul> + <li><a href="#general_tab">General Tab</a></li> + <li><a href="#details_tab">Details Tab</a></li> + </ul> +</div> + +<h3 id="general_tab">General Tab</h3> + +<p>When you first open the Certificate Viewer, the General tab displays several + kinds of information about the selected certificate:</p> + +<ul> + <li><strong>This certificate has been verified for the following + uses</strong>: See + <a href="glossary.xhtml#certificate_verification">certificate verification</a> + for a discussion of how the Certificate Manager verifies certificates. Uses + can include any of the following: + <ul> + <li><strong>SSL Client Certificate</strong>: Certificate used to identify + you to websites.</li> + <li><strong>SSL Server Certificate</strong>: Certificate used to identify + a website server to browsers.</li> + <li><strong>Email Signer Certificate</strong>: Certificate used to + identify you for the purposes of digitally signing email messages.</li> + <li><strong>Email Recipient Certificate</strong>: Certificate used to + identify someone else, for example so you can send that person + encrypted email.</li> + <li><strong>Status Responder Certificate</strong>: Certificate used to + identify an online status responder that uses the Online Certificate + Status Protocol (OCSP) to check the validity of certificates. For more + information about OCSP, see + <a href="certs_prefs_help.xhtml">Certificates Settings</a>.</li> + <li><strong>SSL Certificate Authority</strong>: Certificate used to + identify a certificate authority—that is, a service that issues + certificates for use as identification over computer networks.</li> + </ul> + </li> + <li><strong>Issued To</strong>: Summarizes the following information about + the certificate: + <ul> + <li><strong>Common Name</strong>: The name of the person or other entity + that the certificate identifies.</li> + <li><strong>Organization</strong>: The name of the organization to which + the entity belongs (such as the name of a company).</li> + <li><strong>Organizational Unit</strong>: The name of the organizational + unit to which the entity belongs (such as Accounting Department).</li> + <li><strong>Serial Number</strong>: The certificate's serial + number.</li> + </ul> + </li> + <li><strong>Issued By</strong>: Summarizes information (similar to that + provided under <q>Issued To</q>; see above) about the certificate authority + (CA) that issued the certificate.</li> + <li><strong>Validity</strong>: Indicates the period during which the + certificate is valid.</li> + <li><strong>Fingerprints</strong>: Lists the certificate's fingerprints. + A fingerprint is a unique number produced by applying a mathematical + function to the certificate contents. A certificate's fingerprint can + be used to verify that the certificate has not been tampered with.</li> +</ul> + +<h3 id="details_tab">Details Tab</h3> + +<p>Click the Details tab at the top of the Certificate Viewer to see more + detailed information about the selected certificate. To examine information + for any certificate in the Certificate Hierarchy area, select its name, + select the field under Certificate Fields that you want to examine, and + read the field's value under Field Value:</p> + +<ul> + <li><strong>Certificate Hierarchy</strong>: Displays the certificate chain, + with the certificate you originally selected at the bottom. A certificate + chain is a hierarchical series of certificates signed by successive + certificate authorities (CAs). A CA certificate identifies a + <a href="glossary.xhtml#certificate_authority">certificate authority</a> + and is used to sign certificates issued by that authority. A CA certificate + can in turn be signed by the CA certificate of a parent CA and so on up to + a <a href="glossary.xhtml#root_ca">root CA</a>.</li> + <li><strong>Certificate Fields</strong>: Displays the fields of the + certificate selected under Certificate Hierarchy.</li> + <li><strong>Field Value</strong>: Displays the value of the field selected + under Certificate Fields.</li> +</ul> + +<p>The Certificate Viewer displays basic ANSI types in human-readable form + wherever possible. For fields whose contents the Certificate Manager cannot + interpret, it displays the actual values contained in the certificate.</p> + +<h2 id="choose_security_device">Choose Security Device</h2> + +<p>A security device (sometimes called a token) is a hardware or software + device that provides cryptographic services such as encryption and decryption + and stores certificates and keys. The Choose Security Device window appears + when Certificate Manager needs help deciding which security device to use + when importing a certificate or performing a cryptographic operation, such as + generating keys for a new certificate. This window allows you to select one + of two or more security devices that Certificate Manager has detected on your + machine.</p> + +<p>A smart card is one example of a security device. For example, if a smart + card reader connected to your computer has a smart card inserted in it, the + name of the smart card will show up in the drop-down menu. In this case, you + must choose the name of the smart card from the menu to let Certificate + Manager know that you want to use it.</p> + +<p>The Certificate Manager also supplies its own default, built-in security + device, which can always be used no matter what additional devices are or + aren't available.</p> + +<h2 id="encryption_key_copy">Encryption Key Copy</h2> + +<p><a href="glossary.xhtml#certificate_authority">Certificate authorities (CAs)</a> + that issue separate signing and encryption email certificates typically make + backup copies of your private + <a href="glossary.xhtml#encryption_key">encryption key</a> during the + certificate enrollment process.</p> + +<p>The Encryption Key Copy dialog box allows you to approve the creation of + such a backup or cancel the certificate request. A CA that has archived a + backup copy of your encryption key has the potential capability of + decrypting any messages you receive that were encrypted with your + corresponding public key.</p> + +<p>You can take these actions from the Encryption Key Copy dialog box:</p> + +<ul> + <li><strong>View Certificate</strong>: To view the certificate identifying + the CA that is requesting the backup copy, click View Certificate.</li> + <li><strong>OK</strong>: If you trust the CA identified by the CA certificate + to decrypt encrypted messages that you receive, click OK. + + <p>If you are not sure whether to trust the CA that is requesting the + backup copy, talk to your system administrator.</p> + </li> + <li><strong>Cancel</strong>: If you don't trust the CA that is + requesting the backup copy, don't request a certificate from it. Click + Cancel to stop both the backup procedure and the request for a + certificate.</li> +</ul> + +<p>After your CA makes a backup copy of the encryption key, you will be able to + use that key to access your encrypted mail even if you lose your password or + lose your own copy of the key. If no backup copy of your encryption key + exists and you lose your password or the key, you will have no way of reading + email messages that were encrypted with that key.</p> + +<h2 id="certificate_backup">Certificate Backup</h2> + +<p>When you receive a certificate, make a backup copy of the certificate and + its private key, then store the copy in a safe place. For example, you can + put the copy on a floppy disk and store it with other valuable items under + lock and key. That way, even if you have hard disk or file corruption + problems, you can easily restore the certificate.</p> + +<p>It can be inconvenient, at best, and in some situations catastrophic to lose + your certificate and its associated private key, depending on what you use it + for. For example:</p> + +<ul> + <li>If you lose a certificate that identifies you to important websites, you + will not be able to access those websites until you obtain a new + certificate. </li> + <li>If you lose a certificate used to encrypt email messages, you will not + be able to read any of your encrypted email—including both encrypted + messages that you have sent and encrypted messages that you have received. + In this case, if you cannot obtain a backup of the private encryption key + associated with the certificate, you will never be able to read any of the + messages encrypted with that key.</li> +</ul> + +<p>Like any other valuable data, certificates should be backed up to avoid + future trouble and expense. Do it now so you don't forget.</p> + +<h2 id="user_identification_request">User Identification Request</h2> + +<p>Some websites require that you identify yourself with a certificate rather + than a name and password, because certificates provide a more reliable form + of identification. This method of identifying yourself over the Internet is + sometimes called + <a href="glossary.xhtml#client_authentication">client authentication</a>.</p> + +<p>However, Certificate Manager may have more than one certificate on file that + can be used for the purposes of identifying yourself to a website. In this + case, Certificate Manager presents the User Identification Request dialog + box, which displays two kinds of information:</p> + +<p><strong>This site has requested that you identify yourself with a + certificate</strong>: This section of the dialog box lists the following + information:</p> + +<ul> + <li><strong>Host name</strong>: The name of the server requesting + identification, used as part of its URL. For example, the host name for the + Netscape website is <tt>home.netscape.com</tt>.</li> + <li><strong>Organization</strong>: The name of the organization that runs the + website.</li> + <li><strong>Issued under</strong>: The name of the + <a href="glossary.xhtml#certificate_authority">certificate authority (CA)</a> + that issued the certificate.</li> +</ul> + +<p><strong>Choose a certificate to present as identification</strong>: The + certificates you have available for the purposes of identifying yourself to a + website are listed in the drop-down list in this section of the dialog box. + Choose the certificate that seems most likely to be recognized by the website + you want to visit.</p> + +<p>To help you decide, the following details of the selected certificate are + displayed:</p> + +<ul> + <li><strong>Issued to</strong>: Lists information about the person identified + by the certificate (for example, your name and email address) and the + certificate's serial number and validity dates.</li> + <li><strong>Issued by</strong>: Summarizes information about the CA that + issued the certificate, such as its name, location, and state.</li> +</ul> + +<h2 id="new_certificate_authority">New Certificate Authority</h2> + +<p>The certificates that the Certificate Manager has on file, whether stored on + your computer or on an external security device such as a smart card, include + certificates that identify + <a href="glossary.xhtml#certificate_authority">certificate authorities (CAs)</a>. + To be able to recognize any other certificates it has on file, Certificate + Manager must have certificates for the CAs that issued or authorized issuance + of those certificates.</p> + +<p>When you decide to trust a CA, Certificate Manager downloads that CA's + certificate and can then recognize the kinds of certificates you trust that + CA to issue.</p> + +<p>Before downloading a new CA certificate, Certificate Manager allows you to + specify the purposes for which you trust the certificate, if at all. You can + select any of the following options:</p> + +<ul> + <li><strong>Trust this CA to identify websites</strong>: Website certificates + for some websites, such as those that handle financial transactions, can be + extremely important, and inappropriate or false identification can have + negative consequences.</li> + <li><strong>Trust this CA to identify email users</strong>: If you intend to + send email users confidential information in encrypted form, or if accurate + identification of email users is important to you for any other reason, you + should consider carefully the CA's procedures for identifying + prospective certificate owners and whether they are appropriate for your + purposes before selecting this option.</li> + <li><strong>Trust this CA to identify software developers</strong>: Selecting + this option means that you trust the CA to issue certificates that identify + the origin of Java applets and JavaScript scripts requesting special access + to your computer, such as the ability to change files. Since such access + privileges can be misused, for example to destroy data stored on your hard + disk, be very careful about selecting this option unless you are certain + that you trust the CA for this purpose.</li> +</ul> + +<p>Before you decide to trust a new CA, make sure that you know who is + operating it. Make sure the CA's policies and procedures are + appropriate for the kinds of certificates it issues. For example, if the CA + issues certificates identifying websites you use for financial transactions, + make sure you are comfortable with the level of assurance the CA + provides.</p> + +<ul> + <li><strong>View</strong>: Click this button to view the CA certificate you + are about to download. If you decide you don't want to download this + certificate, click Cancel.</li> +</ul> + +<h2 id="website_certificates">Website Certificates</h2> + +<p>When you attempt to go to a website that supports the use of + <a href="glossary.xhtml#ssl">SSL</a> for + <a href="glossary.xhtml#authentication">authentication</a> and + <a href="glossary.xhtml#encryption">encryption</a>, you may be faced with an + error page. There are two types, one called + <a href="#secure_connection_failed_page">Secure Connection Failed</a> and one + called <a href="#untrusted_connection_page">Untrusted Connection</a>.</p> + +<div class="contentsBox">In this section: + <ul> + <li><a href="#secure_connection_failed_page">Secure Connection Failed + Page</a></li> + <li><a href="#untrusted_connection_page">Untrusted Connection Page</a></li> + <li><a href="#secure_connection_failed_dialog">Secure Connection Failed + Dialog</a></li> + <li><a href="#certificate_expired">Server Certificate Expired</a></li> + <li><a href="#certificate_not_yet_valid">Server Certificate Not Yet + Valid</a></li> + <li><a href="#domain_name_mismatch">Domain Name Mismatch</a></li> + </ul> +</div> + +<h3 id="secure_connection_failed_page">Secure Connection Failed Page</h3> + +<p>In the case where you have disabled the SSL protocol (e.g. through + <a href="ssl_help.xhtml#ssl_settings">SSL Settings</a>) or the website that + you are accessing is using an older, insecure version of the SSL protocol then + you will be presented with a page titled "Secure Connection Failed". + That page contains some basic background information (including the + <strong>Error code</strong> that uniquely identifies the type of problem + &brandShortName; detected with the website) and a <strong>Try Again</strong> + button that triggers a page reload.</p> + +<h3 id="untrusted_connection_page">Untrusted Connection Page</h3> + +<p>If SSL itself is enabled then the error page that you will be presented with + will be titled "This Connection is Untrusted". There are many + different reasons why a connection can appear untrusted. Here are some of the + most common ones:</p> + +<ul> + <li>the certificate of the website is <a href="#certificate_expired">no longer + valid (expired)</a></li> + <li>the certificate of the website is + <a href="#certificate_not_yet_valid">not yet valid</a></li> + <li>the certificate of the website is only valid for another website + (<a href="#domain_name_mismatch">domain name mismatch</a>)</li> + <li>the certificate of the website is self-signed (thus the identity of the + website cannot be verified).</li> + <li>the issuer certificate is not trusted (&brandShortName; cannot + verify the identity of the website because it doesn't + recognize the <a href="glossary.xhtml#certificate_authority">certificate + authority (CA)</a> that issued the website's certificate)</li> +</ul> + +<p>The page displayed in the above cases is meant to help you understand why + &brandShortName; was unable to establish a secure connection to the website. + It starts by telling you that the website's identity could not be + verified, then offers you to leave the page by clicking the <strong>This + sounds bad, take me to my home page instead</strong> button. If you are unsure + what to do it is recommended that you follow this advice.</p> + +<p>If you want to know a little bit more about the actual problem at hand you + may expand the corresponding section by clicking the chevron in front of + <strong>Technical Details</strong>. That section also contains the + <strong>Error code</strong> that uniquely identifies the type of problem + &brandShortName; detected with the website.</p> + +<h4 id="add_security_exception">Adding a Security Exception</h4> + +<p>The <strong>I Understand the Risks</strong> section of the Untrusted + Connection page allows you to tell &brandShortName; to explicitly override the + security checks for this website by adding an exception. If you expand the + section by clicking the chevron in front of it you will see an <strong>Add + Exception</strong> button that will take you to a dialog allowing you to get + and view the website's certificate and optionally add a Security + Exception for it (either permanently or just for the current session). Those + exceptions can be administered through the Certificate Manager's + <a href="certs_help.xhtml#servers">Servers</a> tab.</p> + +<h3 id="secure_connection_failed_dialog">Secure Connection Failed Dialog</h3> + +<p>In cases where &brandShortName; cannot determine the actual cause of the + problem a dialog titled "Secure Connection Failed" is shown in + addition to the <a href="#untrusted_connection_page">Untrusted Connection + page</a>. That dialog includes a <strong>View Certificate</strong> button + that allows you to examine the website's certificate more closely.</p> + +<h3 id="certificate_expired">Certificate Expired</h3> + +<p>Like a credit card, a driver's license, and many other forms of + identification, a <a href="glossary.xhtml#certificate">certificate</a> is + valid for a specified period of time. When a certificate expires, the owner + of the certificate needs to get a new one.</p> + +<p>&brandShortName; <a href="#untrusted_connection_page">warns</a> you when you + attempt to visit a website whose server certificate has expired. The first + thing you should do is make sure the time and date displayed by your computer + is correct. If your computer's clock is set to a date that is after the + expiration date, &brandShortName; treats the website's certificate as + expired.</p> + +<p>If your computer's clock is set correctly, you need to make a decision + about whether to trust the website. This decision depends on what you intend + to do at the website and what else you know about it. Most commercial sites + will make sure that they replace their certificates before they expire. If you + choose to continue you need to <a href="#add_security_exception">add a + security exception</a>.</p> + +<h3 id="certificate_not_yet_valid">Certificate Not Yet Valid</h3> + +<p>Like a credit card, a driver's license, and many other forms of + identification, a <a href="glossary.xhtml#certificate">certificate</a> is + valid for a specified period of time.</p> + +<p>&brandShortName; <a href="#untrusted_connection_page">warns</a> you when you + attempt to visit a website whose server certificate's validity period has + not yet started. The first thing you should do is make sure the time and date + displayed by your own computer is correct. If your computer's clock is + set to the wrong date, &brandShortName; may treat the server certificate as + not yet valid even if this is not the case.</p> + +<p>If your computer's clock is set correctly, you need to make a decision + about whether to trust the website. This decision depends on what you intend + to do at the website and what else you know about it. Most commercial sites + will make sure that the validity period for their certificates has begun + before beginning to use them. If you choose to continue you need to + <a href="#add_security_exception">add a security exception</a>.</p> + +<h3 id="domain_name_mismatch">Domain Name Mismatch</h3> + +<p>A server <a href="glossary.xhtml#certificate">certificate</a> specifies the + name of the server in the form of the website's domain name. For example, + the domain name for the Mozilla website is <tt>www.mozilla.org</tt>. If the + domain name in a server's certificate doesn't match the actual + domain name of the website, it may be a sign that someone is attempting to + intercept your communication with the website.</p> + +<p>&brandShortName; <a href="#untrusted_connection_page">warns</a> you when you + attempt to visit a website whose server certificate's domain does not + match the domain of the website you are trying to visit. The decision whether + to trust the website anyway depends on what you intend to do at the site and + what else you know about it. Most commercial sites will make sure that the + host name for a website certificate matches the website's actual host + name. If you choose to continue you need to + <a href="#add_security_exception">add a security exception</a>.</p> + +<p>If you decide to accept the certificate anyway (either for this session or + permanently), you should be cautious about what you do on the website, and you + should treat any information you find there as potentially suspect.</p> + +</body> +</html> |