Certificates

In Lobster_data you can use certificates for encrypted communication in various places. Here you can manage all certificates centrally.

Terms and Know-how


The terms in this section refer to a so-called public-key infrastructure, especially to the X.509 standard of the International Telecommunications Union (ITU-T), as well as related standards. We assume that you are familiar with secure data transmission terms like asymmetric encryption, public key, private key, certificate, certification authority (CA), fingerprint, signature and related terms. The purpose of this documentation is not to explain these terms and their relationships in detail. There are many freely accessible documents on this subject.

A digital certificate always refers to an asymmetric key pair with a private and a public key. It contains structured data that establish a link between the technical key and the identity of the legal owner (person, organization, company, IT system) of that key. Certificates always contain a validity period and an address of the owner. An important part of this address is the common name (CN).

In the following, we call the combination of a digital certificate and one or both keys a certificate object or simply a certificate.

Partner Certificates


We call a certificate object that contains the digital certificate and only the public key, but not the private key, a partner certificate. The two terms partner certificate and public key are often used synonymously.

Local Certificates


We call a certificate object that contains the digital certificate and both keys (public and private) a local certificate.

Certificate Serial Number


For each local certificate (private and public key), a partner certificate (with public key only) must usually be installed on the partner system with which you want to communicate. In order to be able to unambiguously assign both to each other, a certificate serial number exists. In Lobster_data, the serial number is displayed as a decimal integer.

If the certificate has been signed by an official certification authority, the validity of the certificate can be checked via the Internet. There is also a private and a public key in these cases. The partner certificate (not your local certificate with your private key!) can be exchanged over the net because it is protected against manipulation by the signing. See also section Self-signed or Certified by the Certification Authority. If you email the partner certificate to your partner, they can use the fingerprint or the checksum to ensure that it has not been modified during transport.
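
The following Python sketch is an added example, not part of Lobster_data or its documentation. It converts the hexadecimal serial notation that many other tools display into the decimal form shown in Lobster_data, and checks a received partner certificate against the fingerprint supplied by the sender. SHA-256 as the fingerprint algorithm, all function names and the sample bytes are assumptions.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-in bytes, NOT a real certificate: a fingerprint is simply a
# hash over the DER-encoded certificate, so any byte string shows the mechanics.
SAMPLE_DER = bytes(range(64))

def der_to_pem(der: bytes) -> str:
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

def pem_to_der(pem: str) -> bytes:
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def serial_to_decimal(text: str) -> int:
    """Hex serial ('serial=0A1B2C', '0A:1B:2C', '0x0a1b2c') -> decimal integer."""
    value = text.strip().split("=", 1)[-1]
    value = re.sub(r"[\s:]", "", value)
    if value.lower().startswith("0x"):
        value = value[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", value):
        raise ValueError(f"not a hexadecimal serial number: {text!r}")
    return int(value, 16)

def fingerprint(pem: str, algorithm: str = "sha256") -> str:
    """Lower-case hex digest over the DER bytes (SHA-256 is an assumption)."""
    return hashlib.new(algorithm, pem_to_der(pem)).hexdigest()

def fingerprint_matches(pem: str, announced: str, algorithm: str = "sha256") -> bool:
    """Compare against e.g. 'SHA256 Fingerprint=AA:BB:...' or plain hex."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", announced.split("=", 1)[-1]).lower()
    return hmac.compare_digest(fingerprint(pem, algorithm), digits)

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(serial_to_decimal("0A:1B:2C"))
    fp = fingerprint(pem)
    print(fp, fingerprint_matches(pem, "SHA256 Fingerprint=" + fp.upper()))
```

The fingerprint comparison is only meaningful if the announced value reaches the recipient by a different route than the certificate file itself.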