Introducing the Opera Rootstore
By Yngve Nysæter Pettersen. Thursday, 3. July 2008, 15:23:56
Welcome to the new home page of the Opera Root Certificate Store.
Root Certificates are used in several security areas to get assurance of identity, by establishing a relationship between the control of the private key associated with the public key in a certificate signed by the Root Certificate, and the entity identified by the certificate. The keypair can then be used to establish various forms of secure communication with that party, such as digital signatures and encrypted connections.
The area where certificates are most widely used is to set up and secure SSL/TLS connections, for example, to secure your online banking transactions and online shopping.
To use certificates signed by a Root properly, the application needs a copy of the Root provided by the owner of the Root via a different route than from the web site presenting the certificate, so that we can be assured that the Root is the real Root, and not a look-alike.
That is why we have the Rootstore database. The Rootstore is where we store the list of Roots that are either pre-checked by us and shipped with Opera, or installed by the user.
In Opera 9.50 we changed the design of the Rootstore. In the new system, only the most frequently used Roots are shipped with the Opera executable, while the other Roots are stored in our online root repository at https://certs.opera.com/ and will be automatically downloaded and installed, as needed.
"The Rootstore" home page will be where we will announce all updates of the online Root repository, as well as other public information about this part of the Opera browser.
If you represent a CA that wants to have its certificate added to Opera's rootstore, please see http://www.opera.com/docs/ca/ for information about the procedure.
Root Certificates are used in several security areas to get assurance of identity, by establishing a relationship between the control of the private key associated with the public key in a certificate signed by the Root Certificate, and the entity identified by the certificate. The keypair can then be used to establish various forms of secure communication with that party, such as digital signatures and encrypted connections.
The area where certificates are most widely used is to set up and secure SSL/TLS connections, for example, to secure your online banking transactions and online shopping.
To use certificates signed by a Root properly, the application needs a copy of the Root provided by the owner of the Root via a different route than from the web site presenting the certificate, so that we can be assured that the Root is the real Root, and not a look-alike.
That is why we have the Rootstore database. The Rootstore is where we store the list of Roots that are either pre-checked by us and shipped with Opera, or installed by the user.
In Opera 9.50 we changed the design of the Rootstore. In the new system, only the most frequently used Roots are shipped with the Opera executable, while the other Roots are stored in our online root repository at https://certs.opera.com/ and will be automatically downloaded and installed, as needed.
"The Rootstore" home page will be where we will announce all updates of the online Root repository, as well as other public information about this part of the Opera browser.
If you represent a CA that wants to have its certificate added to Opera's rootstore, please see http://www.opera.com/docs/ca/ for information about the procedure.
WIDGETIZE
cakruege # 24. September 2008, 14:35
is it possible to stop loading ca certificates from https://certs.opera.com/?
How is this system secured against compromising certs.opera.com?
greetings
Carsten
yngve # 24. September 2008, 15:24
http://my.opera.com/rootstore/blog/2008/07/03/rootstore-newsletter.
certs.opera.com is also just a front end, it does not generate the files.