How certificates work

When Opera receives a chain of Public Key Certificate from the server it will verify the authenticity of the certificate(s) by checking that the chain verify correctly, and that the certicate can be traced to one of the Certificate Authority Certificates in the database.

If the certificates cannot be traced to an installed certificate, Opera will ask you if you accept the certificate and the server as legitimate. If you accept the server you will not be asked again while Opera is running. If you shut down Opera the list of accepted servers is not stored to the disk.

If such a certificate chain actually included a selfsigned root certificate, you have the option of installing the root certificate into the database and to set the flags for its use. By installing the certificate, and not unchecking the allow connection flag, you will, implicitly, accept the server.

If the chain is found to be correct, Opera proceeds to check the database entires of those Certificate Authorities that have signed certificates in the chain (at least the top certificate will be present in the database).

If for one (or more) of these Authorities you have unchecked the allow connection flag, you will be shown a Access denied fatal error message, and the connection will be shut down.

If you have Allowed access, but have checked the Warning option for at least one of the Certificates Authorities you will be shown the certificate and asked to accept it. Such warnings will be shown each time such a certificate is received, even if it has been accepted before.

If none of the conditions above occur, Opera will continue the SSL connections without needing input from the user.

NOTE: It is the user's responsibility to decide if he or she is willing to trust any specific Web site, SSL-enabled or not. This is especially true when doing business transactions. The Certificate Authorites generally require a lot of verifiable documentation about the operators of the sites that are issued a certificate, but it is always possible to fool the CA, or the operator may be less than a serious businessman. Opera provides some means to weed out or flag the completly unserious or dubious Certificate Authorities, But YOU will still need to evaluate each of the servers you plan to do business with.

Support

• New to Opera
• Register Opera Mobile
• Tutorials
• Knowledge base
• Community
• Reporting bugs
• Premium support
• Documentation

Web analytics powered by HitsLink. Copyright Opera Software ASA. All rights reserved.

Site Index | Contact | Privacymy.opera.com | operamini.com | widgets.opera.com | dev.opera.com | jobs.opera.com | operapowered.com
jp.opera.com | ru.opera.com | pl.opera.com | de.opera.com | cn.opera.com | tw.opera.com | in.opera.com