summaryrefslogtreecommitdiffstats
path: root/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml
diff options
context:
space:
mode:
Diffstat (limited to 'l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml')
-rw-r--r--l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml491
1 files changed, 491 insertions, 0 deletions
diff --git a/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml b/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml
new file mode 100644
index 0000000000..8eb9542c69
--- /dev/null
+++ b/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml
@@ -0,0 +1,491 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[
+ <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
+ %brandDTD;
+]>
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Certificate Information and Decisions</title>
+<link rel="stylesheet" href="helpFileLayout.css"
+ type="text/css"/>
+</head>
+<body>
+
+<div class="boilerPlate">This document is provided for your information only.
+ It may help you take certain steps to protect the privacy and security of
+ your personal information on the Internet. This document does not, however,
+ address all online privacy and security issues, nor does it represent a
+ recommendation about what constitutes adequate privacy and security
+ protection on the Internet.</div>
+
+<h1 id="certificate_information_and_decisions">Certificate Information and
+ Decisions</h1>
+
+<p>This section describes how to use various windows displayed at different times by
+ Certificate Manager. The additional information given here appears when you click
+ the Help button in one of those windows.</p>
+
+<div class="contentsBox">In this section:
+ <ul>
+ <li><a href="#certificate_viewer">Certificate Viewer</a></li>
+ <li><a href="#choose_security_device">Choose Security Device</a></li>
+ <li><a href="#encryption_key_copy">Encryption Key Copy</a></li>
+ <li><a href="#certificate_backup">Certificate Backup</a></li>
+ <li><a href="#user_identification_request">User Identification Request</a></li>
+ <li><a href="#new_certificate_authority">New Certificate Authority</a></li>
+ <li><a href="#website_certificates">Website Certificates</a></li>
+ </ul>
+</div>
+
+<h2 id="certificate_viewer">Certificate Viewer</h2>
+
+<p>The Certificate Viewer displays information about a certificate you selected
+ in one of the Certificate Manager tabs. The General tab summarizes
+ information about who issued the certificate, its verification status, what
+ the certificate can be used for, and so on. The Details tab provides complete
+ details on the certificate&apos;s contents.</p>
+
+<p>If you are not currently viewing the Certificate Viewer, follow these
+ steps:</p>
+
+<ol>
+ <li>Open the <span class="mac">&brandShortName;</span>
+ <span class="noMac">Edit</span> menu and choose Preferences.</li>
+ <li>Under the Privacy &amp; Security category, click Certificates. (If no
+ subcategories are visible, double-click Privacy &amp; Security to expand
+ the list.)</li>
+ <li>Click Manage Certificates.</li>
+ <li>Click the tab for the type of certificate whose details you want to
+ view.</li>
+ <li>Select the certificate whose details you want to view.</li>
+ <li>Click View.</li>
+</ol>
+
+<div class="contentsBox">In this section:
+ <ul>
+ <li><a href="#general_tab">General Tab</a></li>
+ <li><a href="#details_tab">Details Tab</a></li>
+ </ul>
+</div>
+
+<h3 id="general_tab">General Tab</h3>
+
+<p>When you first open the Certificate Viewer, the General tab displays several
+ kinds of information about the selected certificate:</p>
+
+<ul>
+ <li><strong>This certificate has been verified for the following
+ uses</strong>: See
+ <a href="glossary.xhtml#certificate_verification">certificate verification</a>
+ for a discussion of how the Certificate Manager verifies certificates. Uses
+ can include any of the following:
+ <ul>
+ <li><strong>SSL Client Certificate</strong>: Certificate used to identify
+ you to websites.</li>
+ <li><strong>SSL Server Certificate</strong>: Certificate used to identify
+ a website server to browsers.</li>
+ <li><strong>Email Signer Certificate</strong>: Certificate used to
+ identify you for the purposes of digitally signing email messages.</li>
+ <li><strong>Email Recipient Certificate</strong>: Certificate used to
+ identify someone else, for example so you can send that person
+ encrypted email.</li>
+ <li><strong>Status Responder Certificate</strong>: Certificate used to
+ identify an online status responder that uses the Online Certificate
+ Status Protocol (OCSP) to check the validity of certificates. For more
+ information about OCSP, see
+ <a href="certs_prefs_help.xhtml">Certificates Settings</a>.</li>
+ <li><strong>SSL Certificate Authority</strong>: Certificate used to
+ identify a certificate authority&mdash;that is, a service that issues
+ certificates for use as identification over computer networks.</li>
+ </ul>
+ </li>
+ <li><strong>Issued To</strong>: Summarizes the following information about
+ the certificate:
+ <ul>
+ <li><strong>Common Name</strong>: The name of the person or other entity
+ that the certificate identifies.</li>
+ <li><strong>Organization</strong>: The name of the organization to which
+ the entity belongs (such as the name of a company).</li>
+ <li><strong>Organizational Unit</strong>: The name of the organizational
+ unit to which the entity belongs (such as Accounting Department).</li>
+ <li><strong>Serial Number</strong>: The certificate&apos;s serial
+ number.</li>
+ </ul>
+ </li>
+ <li><strong>Issued By</strong>: Summarizes information (similar to that
+ provided under <q>Issued To</q>; see above) about the certificate authority
+ (CA) that issued the certificate.</li>
+ <li><strong>Validity</strong>: Indicates the period during which the
+ certificate is valid.</li>
+ <li><strong>Fingerprints</strong>: Lists the certificate&apos;s fingerprints.
+ A fingerprint is a unique number produced by applying a mathematical
+ function to the certificate contents. A certificate&apos;s fingerprint can
+ be used to verify that the certificate has not been tampered with.</li>
+</ul>
+
+<h3 id="details_tab">Details Tab</h3>
+
+<p>Click the Details tab at the top of the Certificate Viewer to see more
+ detailed information about the selected certificate. To examine information
+ for any certificate in the Certificate Hierarchy area, select its name,
+ select the field under Certificate Fields that you want to examine, and
+ read the field&apos;s value under Field Value:</p>
+
+<ul>
+ <li><strong>Certificate Hierarchy</strong>: Displays the certificate chain,
+ with the certificate you originally selected at the bottom. A certificate
+ chain is a hierarchical series of certificates signed by successive
+ certificate authorities (CAs). A CA certificate identifies a
+ <a href="glossary.xhtml#certificate_authority">certificate authority</a>
+ and is used to sign certificates issued by that authority. A CA certificate
+ can in turn be signed by the CA certificate of a parent CA and so on up to
+ a <a href="glossary.xhtml#root_ca">root CA</a>.</li>
+ <li><strong>Certificate Fields</strong>: Displays the fields of the
+ certificate selected under Certificate Hierarchy.</li>
+ <li><strong>Field Value</strong>: Displays the value of the field selected
+ under Certificate Fields.</li>
+</ul>
+
+<p>The Certificate Viewer displays basic ANSI types in human-readable form
+ wherever possible. For fields whose contents the Certificate Manager cannot
+ interpret, it displays the actual values contained in the certificate.</p>
+
+<h2 id="choose_security_device">Choose Security Device</h2>
+
+<p>A security device (sometimes called a token) is a hardware or software
+ device that provides cryptographic services such as encryption and decryption
+ and stores certificates and keys. The Choose Security Device window appears
+ when Certificate Manager needs help deciding which security device to use
+ when importing a certificate or performing a cryptographic operation, such as
+ generating keys for a new certificate. This window allows you to select one
+ of two or more security devices that Certificate Manager has detected on your
+ machine.</p>
+
+<p>A smart card is one example of a security device. For example, if a smart
+ card reader connected to your computer has a smart card inserted in it, the
+ name of the smart card will show up in the drop-down menu. In this case, you
+ must choose the name of the smart card from the menu to let Certificate
+ Manager know that you want to use it.</p>
+
+<p>The Certificate Manager also supplies its own default, built-in security
+ device, which can always be used no matter what additional devices are or
+ aren&apos;t available.</p>
+
+<h2 id="encryption_key_copy">Encryption Key Copy</h2>
+
+<p><a href="glossary.xhtml#certificate_authority">Certificate authorities (CAs)</a>
+ that issue separate signing and encryption email certificates typically make
+ backup copies of your private
+ <a href="glossary.xhtml#encryption_key">encryption key</a> during the
+ certificate enrollment process.</p>
+
+<p>The Encryption Key Copy dialog box allows you to approve the creation of
+ such a backup or cancel the certificate request. A CA that has archived a
+ backup copy of your encryption key has the potential capability of
+ decrypting any messages you receive that were encrypted with your
+ corresponding public key.</p>
+
+<p>You can take these actions from the Encryption Key Copy dialog box:</p>
+
+<ul>
+ <li><strong>View Certificate</strong>: To view the certificate identifying
+ the CA that is requesting the backup copy, click View Certificate.</li>
+ <li><strong>OK</strong>: If you trust the CA identified by the CA certificate
+ to decrypt encrypted messages that you receive, click OK.
+
+ <p>If you are not sure whether to trust the CA that is requesting the
+ backup copy, talk to your system administrator.</p>
+ </li>
+ <li><strong>Cancel</strong>: If you don&apos;t trust the CA that is
+ requesting the backup copy, don&apos;t request a certificate from it. Click
+ Cancel to stop both the backup procedure and the request for a
+ certificate.</li>
+</ul>
+
+<p>After your CA makes a backup copy of the encryption key, you will be able to
+ use that key to access your encrypted mail even if you lose your password or
+ lose your own copy of the key. If no backup copy of your encryption key
+ exists and you lose your password or the key, you will have no way of reading
+ email messages that were encrypted with that key.</p>
+
+<h2 id="certificate_backup">Certificate Backup</h2>
+
+<p>When you receive a certificate, make a backup copy of the certificate and
+ its private key, then store the copy in a safe place. For example, you can
+ put the copy on a floppy disk and store it with other valuable items under
+ lock and key. That way, even if you have hard disk or file corruption
+ problems, you can easily restore the certificate.</p>
+
+<p>It can be inconvenient, at best, and in some situations catastrophic to lose
+ your certificate and its associated private key, depending on what you use it
+ for. For example:</p>
+
+<ul>
+ <li>If you lose a certificate that identifies you to important websites, you
+ will not be able to access those websites until you obtain a new
+ certificate. </li>
+ <li>If you lose a certificate used to encrypt email messages, you will not
+ be able to read any of your encrypted email&mdash;including both encrypted
+ messages that you have sent and encrypted messages that you have received.
+ In this case, if you cannot obtain a backup of the private encryption key
+ associated with the certificate, you will never be able to read any of the
+ messages encrypted with that key.</li>
+</ul>
+
+<p>Like any other valuable data, certificates should be backed up to avoid
+ future trouble and expense. Do it now so you don&apos;t forget.</p>
+
+<h2 id="user_identification_request">User Identification Request</h2>
+
+<p>Some websites require that you identify yourself with a certificate rather
+ than a name and password, because certificates provide a more reliable form
+ of identification. This method of identifying yourself over the Internet is
+ sometimes called
+ <a href="glossary.xhtml#client_authentication">client authentication</a>.</p>
+
+<p>However, Certificate Manager may have more than one certificate on file that
+ can be used for the purposes of identifying yourself to a website. In this
+ case, Certificate Manager presents the User Identification Request dialog
+ box, which displays two kinds of information:</p>
+
+<p><strong>This site has requested that you identify yourself with a
+ certificate</strong>: This section of the dialog box lists the following
+ information:</p>
+
+<ul>
+ <li><strong>Host name</strong>: The name of the server requesting
+ identification, used as part of its URL. For example, the host name for the
+ Netscape website is <tt>home.netscape.com</tt>.</li>
+ <li><strong>Organization</strong>: The name of the organization that runs the
+ website.</li>
+ <li><strong>Issued under</strong>: The name of the
+ <a href="glossary.xhtml#certificate_authority">certificate authority (CA)</a>
+ that issued the certificate.</li>
+</ul>
+
+<p><strong>Choose a certificate to present as identification</strong>: The
+ certificates you have available for the purposes of identifying yourself to a
+ website are listed in the drop-down list in this section of the dialog box.
+ Choose the certificate that seems most likely to be recognized by the website
+ you want to visit.</p>
+
+<p>To help you decide, the following details of the selected certificate are
+ displayed:</p>
+
+<ul>
+ <li><strong>Issued to</strong>: Lists information about the person identified
+ by the certificate (for example, your name and email address) and the
+ certificate&apos;s serial number and validity dates.</li>
+ <li><strong>Issued by</strong>: Summarizes information about the CA that
+ issued the certificate, such as its name, location, and state.</li>
+</ul>
+
+<h2 id="new_certificate_authority">New Certificate Authority</h2>
+
+<p>The certificates that the Certificate Manager has on file, whether stored on
+ your computer or on an external security device such as a smart card, include
+ certificates that identify
+ <a href="glossary.xhtml#certificate_authority">certificate authorities (CAs)</a>.
+ To be able to recognize any other certificates it has on file, Certificate
+ Manager must have certificates for the CAs that issued or authorized issuance
+ of those certificates.</p>
+
+<p>When you decide to trust a CA, Certificate Manager downloads that CA&apos;s
+ certificate and can then recognize the kinds of certificates you trust that
+ CA to issue.</p>
+
+<p>Before downloading a new CA certificate, Certificate Manager allows you to
+ specify the purposes for which you trust the certificate, if at all. You can
+ select any of the following options:</p>
+
+<ul>
+ <li><strong>Trust this CA to identify websites</strong>: Website certificates
+ for some websites, such as those that handle financial transactions, can be
+ extremely important, and inappropriate or false identification can have
+ negative consequences.</li>
+ <li><strong>Trust this CA to identify email users</strong>: If you intend to
+ send email users confidential information in encrypted form, or if accurate
+ identification of email users is important to you for any other reason, you
+ should consider carefully the CA&apos;s procedures for identifying
+ prospective certificate owners and whether they are appropriate for your
+ purposes before selecting this option.</li>
+ <li><strong>Trust this CA to identify software developers</strong>: Selecting
+ this option means that you trust the CA to issue certificates that identify
+ the origin of Java applets and JavaScript scripts requesting special access
+ to your computer, such as the ability to change files. Since such access
+ privileges can be misused, for example to destroy data stored on your hard
+ disk, be very careful about selecting this option unless you are certain
+ that you trust the CA for this purpose.</li>
+</ul>
+
+<p>Before you decide to trust a new CA, make sure that you know who is
+ operating it. Make sure the CA&apos;s policies and procedures are
+ appropriate for the kinds of certificates it issues. For example, if the CA
+ issues certificates identifying websites you use for financial transactions,
+ make sure you are comfortable with the level of assurance the CA
+ provides.</p>
+
+<ul>
+ <li><strong>View</strong>: Click this button to view the CA certificate you
+ are about to download. If you decide you don&apos;t want to download this
+ certificate, click Cancel.</li>
+</ul>
+
+<h2 id="website_certificates">Website Certificates</h2>
+
+<p>When you attempt to go to a website that supports the use of
+ <a href="glossary.xhtml#ssl">SSL</a> for
+ <a href="glossary.xhtml#authentication">authentication</a> and
+ <a href="glossary.xhtml#encryption">encryption</a>, you may be faced with an
+ error page. There are two types, one called
+ <a href="#secure_connection_failed_page">Secure Connection Failed</a> and one
+ called <a href="#untrusted_connection_page">Untrusted Connection</a>.</p>
+
+<div class="contentsBox">In this section:
+ <ul>
+ <li><a href="#secure_connection_failed_page">Secure Connection Failed
+ Page</a></li>
+ <li><a href="#untrusted_connection_page">Untrusted Connection Page</a></li>
+ <li><a href="#secure_connection_failed_dialog">Secure Connection Failed
+ Dialog</a></li>
+ <li><a href="#certificate_expired">Server Certificate Expired</a></li>
+ <li><a href="#certificate_not_yet_valid">Server Certificate Not Yet
+ Valid</a></li>
+ <li><a href="#domain_name_mismatch">Domain Name Mismatch</a></li>
+ </ul>
+</div>
+
+<h3 id="secure_connection_failed_page">Secure Connection Failed Page</h3>
+
+<p>In the case where you have disabled the SSL protocol (e.g. through
+ <a href="ssl_help.xhtml#ssl_settings">SSL Settings</a>) or the website that
+ you are accessing is using an older, insecure version of the SSL protocol then
+ you will be presented with a page titled &quot;Secure Connection Failed&quot;.
+ That page contains some basic background information (including the
+ <strong>Error code</strong> that uniquely identifies the type of problem
+ &brandShortName; detected with the website) and a <strong>Try Again</strong>
+ button that triggers a page reload.</p>
+
+<h3 id="untrusted_connection_page">Untrusted Connection Page</h3>
+
+<p>If SSL itself is enabled then the error page that you will be presented with
+ will be titled &quot;This Connection is Untrusted&quot;. There are many
+ different reasons why a connection can appear untrusted. Here are some of the
+ most common ones:</p>
+
+<ul>
+ <li>the certificate of the website is <a href="#certificate_expired">no longer
+ valid (expired)</a></li>
+ <li>the certificate of the website is
+ <a href="#certificate_not_yet_valid">not yet valid</a></li>
+ <li>the certificate of the website is only valid for another website
+ (<a href="#domain_name_mismatch">domain name mismatch</a>)</li>
+ <li>the certificate of the website is self-signed (thus the identity of the
+ website cannot be verified).</li>
+ <li>the issuer certificate is not trusted (&brandShortName; cannot
+ verify the identity of the website because it doesn&apos;t
+ recognize the <a href="glossary.xhtml#certificate_authority">certificate
+ authority (CA)</a> that issued the website&apos;s certificate)</li>
+</ul>
+
+<p>The page displayed in the above cases is meant to help you understand why
+ &brandShortName; was unable to establish a secure connection to the website.
+ It starts by telling you that the website&apos;s identity could not be
+ verified, then offers you to leave the page by clicking the <strong>This
+ sounds bad, take me to my home page instead</strong> button. If you are unsure
+ what to do it is recommended that you follow this advice.</p>
+
+<p>If you want to know a little bit more about the actual problem at hand you
+ may expand the corresponding section by clicking the chevron in front of
+ <strong>Technical Details</strong>. That section also contains the
+ <strong>Error code</strong> that uniquely identifies the type of problem
+ &brandShortName; detected with the website.</p>
+
+<h4 id="add_security_exception">Adding a Security Exception</h4>
+
+<p>The <strong>I Understand the Risks</strong> section of the Untrusted
+ Connection page allows you to tell &brandShortName; to explicitly override the
+ security checks for this website by adding an exception. If you expand the
+ section by clicking the chevron in front of it you will see an <strong>Add
+ Exception</strong> button that will take you to a dialog allowing you to get
+ and view the website&apos;s certificate and optionally add a Security
+ Exception for it (either permanently or just for the current session). Those
+ exceptions can be administered through the Certificate Manager&apos;s
+ <a href="certs_help.xhtml#servers">Servers</a> tab.</p>
+
+<h3 id="secure_connection_failed_dialog">Secure Connection Failed Dialog</h3>
+
+<p>In cases where &brandShortName; cannot determine the actual cause of the
+ problem a dialog titled &quot;Secure Connection Failed&quot; is shown in
+ addition to the <a href="#untrusted_connection_page">Untrusted Connection
+ page</a>. That dialog includes a <strong>View Certificate</strong> button
+ that allows you to examine the website&apos;s certificate more closely.</p>
+
+<h3 id="certificate_expired">Certificate Expired</h3>
+
+<p>Like a credit card, a driver&apos;s license, and many other forms of
+ identification, a <a href="glossary.xhtml#certificate">certificate</a> is
+ valid for a specified period of time. When a certificate expires, the owner
+ of the certificate needs to get a new one.</p>
+
+<p>&brandShortName; <a href="#untrusted_connection_page">warns</a> you when you
+ attempt to visit a website whose server certificate has expired. The first
+ thing you should do is make sure the time and date displayed by your computer
+ is correct. If your computer&apos;s clock is set to a date that is after the
+ expiration date, &brandShortName; treats the website&apos;s certificate as
+ expired.</p>
+
+<p>If your computer&apos;s clock is set correctly, you need to make a decision
+ about whether to trust the website. This decision depends on what you intend
+ to do at the website and what else you know about it. Most commercial sites
+ will make sure that they replace their certificates before they expire. If you
+ choose to continue you need to <a href="#add_security_exception">add a
+ security exception</a>.</p>
+
+<h3 id="certificate_not_yet_valid">Certificate Not Yet Valid</h3>
+
+<p>Like a credit card, a driver&apos;s license, and many other forms of
+ identification, a <a href="glossary.xhtml#certificate">certificate</a> is
+ valid for a specified period of time.</p>
+
+<p>&brandShortName; <a href="#untrusted_connection_page">warns</a> you when you
+ attempt to visit a website whose server certificate&apos;s validity period has
+ not yet started. The first thing you should do is make sure the time and date
+ displayed by your own computer is correct. If your computer&apos;s clock is
+ set to the wrong date, &brandShortName; may treat the server certificate as
+ not yet valid even if this is not the case.</p>
+
+<p>If your computer&apos;s clock is set correctly, you need to make a decision
+ about whether to trust the website. This decision depends on what you intend
+ to do at the website and what else you know about it. Most commercial sites
+ will make sure that the validity period for their certificates has begun
+ before beginning to use them. If you choose to continue you need to
+ <a href="#add_security_exception">add a security exception</a>.</p>
+
+<h3 id="domain_name_mismatch">Domain Name Mismatch</h3>
+
+<p>A server <a href="glossary.xhtml#certificate">certificate</a> specifies the
+ name of the server in the form of the website&apos;s domain name. For example,
+ the domain name for the Mozilla website is <tt>www.mozilla.org</tt>. If the
+ domain name in a server&apos;s certificate doesn&apos;t match the actual
+ domain name of the website, it may be a sign that someone is attempting to
+ intercept your communication with the website.</p>
+
+<p>&brandShortName; <a href="#untrusted_connection_page">warns</a> you when you
+ attempt to visit a website whose server certificate&apos;s domain does not
+ match the domain of the website you are trying to visit. The decision whether
+ to trust the website anyway depends on what you intend to do at the site and
+ what else you know about it. Most commercial sites will make sure that the
+ host name for a website certificate matches the website&apos;s actual host
+ name. If you choose to continue you need to
+ <a href="#add_security_exception">add a security exception</a>.</p>
+
+<p>If you decide to accept the certificate anyway (either for this session or
+ permanently), you should be cautious about what you do on the website, and you
+ should treat any information you find there as potentially suspect.</p>
+
+</body>
+</html>