Using resource records for digital certificate validation
First Claim
1. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method comprising:
receiving, by a client computer, a request to retrieve a web page at a uniform resource locator (URL) incorporating a host name;
causing, by the client computer and in response to the receiving the request to retrieve the web page, resource records associated with the host name to be queried for an IP address of a server associated with the host name, a list of certificate authorities, a first digest of a modulus of a digital certificate, and an identifier of an owner of the host name, wherein the IP address of the server, the list of certificate authorities, the first digest of the modulus of the digital certificate, and the identifier of the owner of the host name are stored within the resource records on a Domain Name System (DNS) server;
receiving, by the client computer, from the DNS server, and in response to the causing the resource records to be queried, the IP address of the server, the list of certificate authorities, the first digest of the modulus of the digital certificate, and the identifier of the owner of the host name;
initiating, by the client computer and based on the received IP address, establishment of a secure connection with the server;
receiving, by the client computer, from the server, and in response to the initiating the establishment of the secure connection, the digital certificate incorporated within a communication;
identifying, by the client computer and within the received digital certificate, a certificate authority, the modulus, and a common name of an owner of the digital certificate;
comparing, by the client computer, the identified certificate authority to the received list of certificate authorities;
determining, by the client computer and based on the comparing the identified certificate authority to the received list of certificate authorities, that the identified certificate authority is included in the received list of certificate authorities;
generating, by the client computer, a second digest of the modulus;
comparing, by the client computer, the first digest of the modulus and the second digest of the modulus;
determining, by the client computer and based on the comparing the first digest and the second digest, that the first digest and the second digest match;
comparing, by the client computer, the identifier of the owner of the host name and the common name of the owner of the digital certificate;
determining, by the client computer and based on the comparing the identifier of the owner of the host name and the common name of the owner of the digital certificate, that the owner of the host name and the owner of the digital certificate match;
completing, by the client computer and in response to the determining that the identified certificate authority is included in the received list of certificate authorities, that the first digest and the second digest match, and that the owner of the host name and the owner of the digital certificate match, the establishment of the secure connection with the server; and
retrieving the web page.
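The claim above describes a three-part check a client performs once it holds both the DNS-published policy data and the server's certificate: the certificate's issuer must appear in the DNS-listed set of certificate authorities, a fresh digest of the certificate's modulus must equal the digest published in DNS, and the certificate's common name must match the DNS-published owner identifier. The Python below is an added illustration of that procedure, not code from the patent; the `key=value` TXT-style record format, the SHA-256 digest over the big-endian modulus, and all sample values (modulus, CA names, host name, IP address) are constructed assumptions, since the claim names the data but not its encoding.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed, hypothetical record format: one TXT-style string of "key=value"
# pairs separated by ';'. The claim says which values live in DNS (IP address,
# CA list, modulus digest, owner identifier) but not how they are encoded.
def parse_policy_record(txt: str) -> dict:
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        fields[key.strip().lower()] = value.strip()
    required = {"ip", "ca", "modsha256", "owner"}
    missing = required - fields.keys()
    if missing:
        raise ValueError(f"policy record missing fields: {sorted(missing)}")
    # The CA list is comma-separated issuer common names.
    fields["ca"] = [c.strip() for c in fields["ca"].split(",") if c.strip()]
    fields["modsha256"] = fields["modsha256"].lower()
    return fields

def modulus_digest(modulus: int) -> str:
    """The claim's 'digest of the modulus': here SHA-256 over the big-endian
    byte encoding of the RSA modulus (encoding choice is an assumption)."""
    length = (modulus.bit_length() + 7) // 8
    return hashlib.sha256(modulus.to_bytes(length, "big")).hexdigest()

@dataclass
class Certificate:
    """Only the certificate fields the claim inspects."""
    issuer_cn: str
    subject_cn: str
    modulus: int

@dataclass
class Verdict:
    ok: bool
    failures: list = field(default_factory=list)

def validate_certificate(policy: dict, cert: Certificate) -> Verdict:
    """Run all three comparisons from the claim and report every failure, so a
    log entry shows which binding (CA, key, owner) was violated."""
    failures = []
    if cert.issuer_cn not in policy["ca"]:
        failures.append(f"issuer {cert.issuer_cn!r} not in DNS CA list")
    if modulus_digest(cert.modulus) != policy["modsha256"]:
        failures.append("modulus digest does not match DNS record")
    if cert.subject_cn.lower() != policy["owner"].lower():
        failures.append(f"subject {cert.subject_cn!r} != DNS owner {policy['owner']!r}")
    return Verdict(ok=not failures, failures=failures)

# Constructed sample data. The modulus is an arbitrary integer, not a real RSA key.
GOOD_MODULUS = 0xC3A15F279B0D4E618F2A7C551D93B0E7
GOOD_RECORD = ("v=1; ip=192.0.2.10; ca=Example Root CA, Example Issuing CA G2; "
               f"modsha256={modulus_digest(GOOD_MODULUS)}; owner=www.example.com")
GOOD_CERT = Certificate(issuer_cn="Example Issuing CA G2",
                        subject_cn="www.example.com", modulus=GOOD_MODULUS)

if __name__ == "__main__":
    policy = parse_policy_record(GOOD_RECORD)
    print("connect to", policy["ip"])
    print("genuine cert:", validate_certificate(policy, GOOD_CERT))
    # A certificate with a different key pair for the same name fails the digest check.
    swapped_key = Certificate("Example Issuing CA G2", "www.example.com", GOOD_MODULUS + 2)
    print("swapped key:", validate_certificate(policy, swapped_key))
```

The checks are only as trustworthy as the DNS answer that carried the policy record; without DNSSEC validation of that answer, a forged response could supply a matching digest and CA list alongside a forged certificate. The standardized mechanism for this kind of DNS-anchored certificate binding is DANE (RFC 6698 TLSA records), which requires DNSSEC for exactly that reason.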
Abstract
A digital certificate incorporated within a communication is received from a server associated with a host name. Resource records associated with the host name are caused to be queried for a list of certificate authorities. In response to causing the resource records to be queried, the list of certificate authorities is received. A certificate authority is identified within the received digital certificate. The identified certificate authority is compared to the received list of certificate authorities. A determination is made, based on the comparison, that the identified certificate authority is included in the received list of certificate authorities.
2 Claims
2. A system comprising:
a memory;
a processor in communication with the memory, wherein the processor is configured to perform a method comprising:
receiving, by a client computer, a request to retrieve a web page at a uniform resource locator (URL) incorporating a host name;
causing, by the client computer and in response to the receiving the request to retrieve the web page, resource records associated with the host name to be queried for an IP address of a server associated with the host name, a list of certificate authorities, a first digest of a modulus of a digital certificate, and an identifier of an owner of the host name, wherein the IP address of the server, the list of certificate authorities, the first digest of the modulus of the digital certificate, and the identifier of the owner of the host name are stored within the resource records on a Domain Name System (DNS) server;
receiving, by the client computer, from the DNS server, and in response to the causing the resource records to be queried, the IP address of the server, the list of certificate authorities, the first digest of the modulus of the digital certificate, and the identifier of the owner of the host name;
initiating, by the client computer and based on the received IP address, establishment of a secure connection with the server;
receiving, by the client computer, from the server, and in response to the initiating the establishment of the secure connection, the digital certificate incorporated within a communication;
identifying, by the client computer and within the received digital certificate, a certificate authority, the modulus, and a common name of an owner of the digital certificate;
comparing, by the client computer, the identified certificate authority to the received list of certificate authorities;
determining, by the client computer and based on the comparing the identified certificate authority to the received list of certificate authorities, that the identified certificate authority is included in the received list of certificate authorities;
generating, by the client computer, a second digest of the modulus;
comparing, by the client computer, the first digest of the modulus and the second digest of the modulus;
determining, by the client computer and based on the comparing the first digest and the second digest, that the first digest and the second digest match;
comparing, by the client computer, the identifier of the owner of the host name and the common name of the owner of the digital certificate;
determining, by the client computer and based on the comparing the identifier of the owner of the host name and the common name of the owner of the digital certificate, that the owner of the host name and the owner of the digital certificate match;
completing, by the client computer and in response to the determining that the identified certificate authority is included in the received list of certificate authorities, that the first digest and the second digest match, and that the owner of the host name and the owner of the digital certificate match, the establishment of the secure connection with the server; and
retrieving the web page.
Specification