Overview#
The Certificate Signature (or Certificate Fingerprint) field is computed from Hash from the Cryptographic Hash Function of the whole Certificate using the identified Certificate Signature Algorithm.Certificate Signature field is generated at the time it was created by Certificate Issuer. The process is:
- Hash from the Cryptographic Hash Function of the whole certificate using the identified Certificate Signature Algorithm
- Raise this Hash to Certificate Issuer's Public Key Certificate Exponent value
- And then divide this by the Certificate Issuer's Public Key Certificate Modulus value.
HashCertificate Issuer's Public Key Certificate Exponent/MOD(Certificate Issuer's Public Key Certificate Modulus value)
Since the Certificate Issuer's Public Key is available to all, for Certificate Validation we can perform these same steps and calculate the value. The calculated value should match the value on the Protocol Server's Certificate.