It's always good to go out and take a field trip, get out of the office a little bit, clear our heads, enjoy the weather. It's always a good thing, so let's go out and let's do that. Let's go into Internet Explorer real quick, and let's go into Internet Options. Now depending on the web browser you are using you may find this in a different area. Safari is going to have it in a different place, Chrome's going to have it in a different place, Firefox, going to have it in a different place. I'm just showing you generically the concept, apply it localized to your particular world, and look for the same information depending on what kind of browser you use. We're going to be able to come over here, going to go to Internet Options, go to Content. I did that by going to the gear icon right over here for Internet Options and Settings, and then Content. And then over here I can come in under Certificates, and I can go to Certificates right here. And I can open up this window, I'll just put it over here side by side. And I can see different certificates in what is called the Certificate Store. The Certificate Store is where we are able to manage and see certificates loaded into the machine.
Now this is one area, I can also create an MMC, a Microsoft Management Console. I can do that by going into the Run line right here, typing MMC, Microsoft Management Console, hitting Enter, it takes just a second. We have our User Account Control that comes up, we get a little empty console shell. We can go in and we can do Add/Remove Snap-in under the File menu. We're going to add in a snap-in, a snap-in is going to be our control element, an item that we want to be able to interact with and view. Now we can go to Add/Remove Snap-in, we get our little pick list here. And you'll notice we have a certificate item, right there on the left, third option down. We could add that one over here to the console, or we could say what kind of certificates do we want to see?
Do we want to see the snap-in and have it manage certificates for my user account, for the service account, for the computer account? We'll do My user account, hit Finish, put that in there. When we're done we click OK, it loads up. We can open this up and we can see, depending on where we go, what certificates may be loaded in here. And this is just another way of seeing the same information that is going to be available to us, by coming over here to Trusted Root Certificates. And we can effectively see, if we do a quick little comparison there, AddTrust External, AddTrust External, Avast, Avast, Baltimore, Baltimore. It's the same information, it's just a matter of what we want to be able to use as a tool to see it. So it doesn't really matter where we go, point is we can see these certificates in any location. There's at least two if not more ways to do anything inside a Windows system. Again, based on the operating system you may be running, this approach may not work, you may have to use a different technique to see the certificates. I'm just showing you how you may be able to view them is all, but they are there, you just have to find the right tool.
We've already got the MMC open, so we might as well take a look at it here. We'll grab one of these root certificates, let's say, DigiCert Global, and just click on it to open it up, doesn't really matter. And when we do that, we can see a general description of the certificate. You see it here, it's going to ensure the identity of a remote computer, prove the identity to a remote computer. Protect email messages, ensure software came from software publisher, allow data to be signed with current time. These are all the things, the functions, the activity sets the certificate is going to drive and be able to be used for. It is issued to DigiCert Global Root CA, issued by DigiCert Global Root CA. It's a self-signed, self-issued certificate, issued from November 9, 2006, to November 9, 2031.
It's got a validity period of 25 years, a root certificate usually will be extended for a very long period of time. We then can see details, we could see the version, and it's in version 3, so it's actually an X.509 v3 digital certificate. We have a serial number, unique identifier, we could see it there. We have a signature algorithm, it tells us what algorithm was used. It is a sha1 RSA algorithm to do the digital signature, signature hash algorithm, sha1.
What we learned about hashing, we learned about sha1 as a hashing algorithm in some of our prior conversations. Quick knowledge element here, quick quiz for all of you. Everybody pay attention, get your pens ready. Do you guys remember what the bit output, the hash bit output is for sha1? Remember how many bits the hash will be, when we run a hash with sha1? You may remember, right, you may be thinking sha1's gotta have a 1 in front of it, it's going to be 1 something. sha1 is short for 160, so sha1 is actually 160 bits on the output, want to make sure you remember that. MD5, if that was here, would be 128 bits on the output, so we want to make sure we're thinking about that, and that we know that.
We have the issuer right here, tells us the name space for the issuer, validity period, valid from, valid to. And as we go down we can see the subject, we could see the public key, uses an RSA bit algorithm as you saw, 2048 bits. There's the public key right there, remember we said the key was just going to be a string of letters and numbers, alphanumeric code, stitched together in blocks of two. That is the key, we talk about the public key, right? That's the key, remember the public key is freely available, you can get it from anywhere. Public key can be used to validate stuff that's done with the private key, so that's why we need the public key, and we have it here. So we can see that, and then we have additional information, things like the key usage statement.
And we have the friendly name for this certificate, and the thumbprint algorithm to validate the thumbprint, we can see that. And we can go on and look at all the different fields. So we've put most of those fields, the important ones anyway, on the slide, we'll go back to that in a minute. But you could see where they exist and where they are.
We also have the certification path, this is going to establish the hierarchy in the path of trust for this certificate. Now because the certificate is self-signed, there's nothing here, it's just that and nothing else. What we're going to do is drill down one level. So we see that it's self-signed, the certificate is okay, that's good but we're looking at root certificates. Well it's working, instead of trusted root, let's go to intermediate certification authorities, and let's look at certificates here. And we could see we have some certificates that are here as well, these will be subordinate certificates, subordinate in the hierarchy means they're a child below the parent, it'd be one level down. So we can go and we can take a look at another certificate, let's look at, for instance, this one right here, doesn't really matter who did this. This one is old and is not valid, but it will serve our purposes. We can see that the certificate we're looking at is going to be below the Microsoft root authority. Now we can see that the root authority is going to be the parent that issues the certificate, and the subordinate certificate is below that in the trust hierarchy. Now this one has an x which says, hey, this certificate is not valid. It's not valid because it actually has expired, as you see, right? It's old, we're not using it anymore, but we could look at one of these that is valid, does have an extension 'til 2022. And if we look at the certification path, we could see that the certificate is indeed valid, it shows up as accurate.
And we could see the certificate shows okay, and so does the root, or parent, certificate. And we can actually view that parent certificate right from here, and bring it up side by side, and we could say, that certificate is also valid. And sure enough they're both good, we can see them both. So we can open up and look at all of our certificates, by either creating a console, or going in and doing the same thing from Internet Explorer, or whatever our web browser is to view the store. When we do that, we can see the certificates that are issued, and find out information about them.
X.509, what we want to add there, because in our mind we know it's X.509, but you just saw it's actually X.509. And what we should put after it, put a little caret there, is that it is a v3 certificate. We'll probably do a better job of that, that wasn't [LAUGH] very good. Let me do this, let's get rid of that, let's get rid of that. And let's use the small pen, instead of using the highlighter. Let's do X.509 and let's do, right up there, v3. And what we really say when we talk about certificates is X.509 v3, or version 3. So that's going to be important, we just want to add that and amend that, or append that to the information. But you can see we have the algorithm used for Signature, Issuer Name, etc., all that is here. We just want to make sure we're aware of that as we think of digital certificates. It is very important for us to be thinking like that.
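Added example, not part of the original lecture: the fields shown in the certificate dialog (version, signature algorithm, key size, validity, certification path, thumbprint) read with PowerShell from the current user's Trusted Root and Intermediate stores. The column names and the choice of what to flag for review are assumptions made for this example.

```powershell
# Added example: report the certificate fields discussed above for every
# certificate in the current user's root and intermediate stores.
$stores = @{ 'Trusted Root' = 'Cert:\CurrentUser\Root'; 'Intermediate' = 'Cert:\CurrentUser\CA' }
$now = Get-Date

$report = foreach ($name in $stores.Keys) {
    foreach ($cert in Get-ChildItem -Path $stores[$name]) {
        # Rebuild the "Certification Path" tab. Revocation checking is turned off
        # so the example works offline; expiry and trust are still evaluated.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)
        $path = @($chain.ChainElements | ForEach-Object {
            $_.Certificate.GetNameInfo('SimpleName', $false) })
        [array]::Reverse($path)   # root first, as in the dialog

        # RSA public key object; $null for non-RSA keys (for example ECDSA).
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

        [pscustomobject]@{
            Store      = $name
            Subject    = $cert.GetNameInfo('SimpleName', $false)
            Version    = "v$($cert.Version)"
            SigAlg     = $cert.SignatureAlgorithm.FriendlyName
            KeyBits    = if ($rsa) { $rsa.KeySize } else { $null }
            ValidTo    = $cert.NotAfter.ToString('yyyy-MM-dd')
            # Name comparison only: subject equals issuer, as for a root certificate.
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            Expired    = ($cert.NotAfter -lt $now)
            Sha1Signed = ($cert.SignatureAlgorithm.FriendlyName -match '^sha1')
            ChainOk    = $chainOk
            Path       = ($path -join ' > ')
            # The Windows thumbprint is a SHA-1 hash: 40 hex characters = 160 bits.
            ThumbBits  = $cert.Thumbprint.Length * 4
        }
    }
}

$report | Sort-Object Store, Subject | Format-Table -AutoSize -Wrap

# Review list: expired entries, and SHA-1-signed certificates that are not
# self-signed. A root is trusted because it is in the store, not because of its
# own signature, so a SHA-1 self-signature on a root is not flagged here.
$report | Where-Object { $_.Expired -or ($_.Sha1Signed -and -not $_.SelfSigned) } |
    Select-Object Store, Subject, SigAlg, ValidTo
```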