Security

Authentication and Trust

Checking that the server’s certificate is valid and was issued by a trusted CA gives a high degree of confidence that the server you are communicating with is the correct one. Trusted in this case means trusted by both the server and the client.

You trust the third-party CA if you have the issuer’s root certificate in your client software, such as your browser. For example, if the server you wish to communicate with has a certificate issued by VeriSign, then you must have the appropriate VeriSign root certificate in your browser.

To check for root certificates

1. Open Internet Explorer.
2. On the Tools menu, select Internet Options.
3. Click the Content tab.
4. Click the Certificate button.
5. Select the Trusted Root Certification Authorities tab.

You will then see a list of company root certificates. This list determines which CAs you trust.

Note   If you do not trust or do not recognize a company named in this list, you should remove the certificate.

© 1997-1999 Microsoft Corporation. All rights reserved.