This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is a [Subject Certificate] [Example] of a [Certificate].
We use the [Subject Certificate] for any non-[Root Certificate] presented to a client from a server.
!! [{$pagename}]
%%prettify
{{{
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f5:d1:2d:5e:6f:0b:d4:ea:f2:a2:c9:66:f3:b4:ce
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network,
                OU=Terms of use at https://www.verisign.com/rpa (c)09,
                CN=VeriSign Class 3 Secure Server CA - G2
        Validity
            Not Before: Jul 15 00:00:00 2010 GMT
            Not After : Jul 14 23:59:59 2013 GMT
        Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc.,
                 CN=www.amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:be:89:0e:a1:ad:fa:7d:58:6a:a1:6a:e4:3b:ed:
                    75:e4:3e:f2:19:f7:f3:0f:fa:d9:ef:62:10:52:7b:
                    fc:dd:94:96:a8:35:6b:1b:50:60:2e:2e:79:ac:7c:
                    2e:a3:81:de:8d:37:f9:ee:6e:4f:82:c7:e4:12:04:
                    55:af:57:69:94:8c:ef:2e:50:7a:6d:53:0f:5b:5f:
                    62:58:5e:cf:f2:df:f4:4d:ce:71:b6:82:d7:86:e5:
                    4f:77:e4:91:aa:e4:bd:5a:65:aa:9e:20:4f:38:5e:
                    b4:8b:e0:36:45:80:a8:d5:24:5c:46:9d:f1:80:c0:
                    6b:62:a5:1f:26:5e:ae:17:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points:
                URI:http://SVRSecure-G2-crl.verisign.com/SVRSecureG2.crl
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/rpa
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Authority Key Identifier:
                keyid:A5:EF:0B:11:CE:C0:41:03:A3:4A:65:90:48:
                      B2:1C:E0:57:2D:7D:47
            Authority Information Access:
                OCSP - URI:http://ocsp.verisign.com
                CA Issuers -
                  URI:http://SVRSecure-G2-aia.verisign.com/SVRSecureG2.cer
            1.3.6.1.5.5.7.1.12:
                0`.^.\0Z0X0V..image/gif0!0.0...+......Kk.(.....R8.).K..!..0
                &.$http://logo.verisign.com/vslogo1.gif
    Signature Algorithm: sha1WithRSAEncryption
        a8:15:fd:f5:ba:5a:88:99:0c:2a:3d:28:bb:74:82:65:3f:42:
        47:21:1f:d4:78:d6:4d:9e:b6:ec:17:cd:18:b7:9e:f9:83:e5:
        e9:39:8a:8f:dd:3c:61:d7:c0:eb:f1:72:34:e4:4f:3f:e7:33:
        40:a9:49:9f:44:b0:8d:bf:33:b1:76:95:a3:50:21:8f:8f:0c:
        1e:60:82:5e:20:98:fa:bf:19:33:1a:12:a1:61:61:3f:a8:5c:
        b8:80:9a:a0:34:dc:dd:52:8c:98:85:ba:6d:ce:bc:e0:4c:a9:
        9b:38:c5:4d:56:10:ba:ef:72:8a:1b:08:68:7b:dd:59:43:e5:
        33:1b:0a:3f:bd:43:2a:cb:ee:34:36:43:d5:69:d7:ca:7a:83:
        a9:ab:e6:15:ef:94:e8:95:65:2b:f6:9e:11:4e:5f:0e:19:01:
        76:a1:30:36:06:52:f1:09:e0:cf:d4:71:16:0d:80:ba:12:26:
        9e:93:4b:1c:5f:83:4c:2c:d0:69:3b:c5:99:31:c4:4c:8f:27:
        be:49:9a:ac:21:3e:4a:5d:e1:18:d3:39:44:62:04:16:da:cc:
        d8:ed:3d:88:d2:a6:e3:ae:6f:eb:13:af:f1:6d:7e:d2:02:48:
        35:3c:2f:9a:a0:f5:bc:55:ea:a4:7b:8a:de:62:0b:73:9c:58:
        41:1c:2c:51
}}} /%
Per [RFC 5280], the structure of an [X.509] v3 digital [certificate] is as follows:
* [Basic Certificate Fields]
** [TBSCertificate]
** [signatureAlgorithm]
** [signatureValue]
! tbsCertificate
[TBSCertificate] includes the following:
* [Certificate Version] - The version number field is intended to facilitate orderly changes in [certificate] formats over time. The initial [version] number for [certificates] used in [PEM] is the [X.509] default which has a value of zero (0), indicating the [1988|Year 1988] version. [PEM] implementations are encouraged to accept later [versions] as they are endorsed by [CCITT]/[ISO].
* [Certificate Serial Number] - The serial number field provides a short form, unique identifier for each certificate generated by an issuer. An issuer must ensure that no two distinct certificates with the same issuer DN contain the same serial number.
* [Certificate Algorithm ID] - This field specifies the algorithm used by the issuer to sign the certificate, and any parameters associated with the algorithm.
* [Certificate Issuer] - A certificate provides a representation of its issuer's [identity|Digital Identity], in the form of a [Distinguished Name|DN].
* [Certificate Validity Period] - A certificate carries a pair of date and time indications, indicating the start and end of the time period over which a certificate is intended to be used.
** [Validity-Not Before|Not Before]
** [Validity-Not After|Not After]
* [Certificate Subject] - A certificate provides a representation of its subject's identity in the form of a [Distinguished Name|DN] and optionally [Subject Alternative Names].
* [Subject Public Key Info] - A certificate carries the public component of its associated subject, as well as an indication of the algorithm, and any algorithm parameters, with which the public component is to be used.
** [Public Key Algorithm]
** [RSA Public Key]
** [Certificate Modulus]
** [Certificate Exponent]
* [KeyUsage]
* [Issuer Unique Identifier] ([OPTIONAL])
* [Subject Unique Identifier] ([OPTIONAL])
* [Certificate Extensions] (optional) - Each extension has its own id, expressed as [Object identifier|OID], which is a set of values, together with either a critical or non-critical indication.
** [extendedKeyUsage]
* [Certificate Signature Algorithm] - This field specifies the algorithm used by the issuer to sign the certificate, and any parameters associated with the algorithm.
* [Certificate Signature] - The binary signature of the certificate.
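The three basic certificate fields and the duplicated algorithm identifier, as an added example that is not part of the original page: a minimal DER walk that splits a Certificate into tbsCertificate, signatureAlgorithm and signatureValue, then checks that the algorithm identifier inside tbsCertificate equals the outer one, as RFC 5280 requires. The function names are hypothetical, and the input is a constructed skeleton (serial number taken from the dump above, dummy signature bits, remaining tbsCertificate fields omitted), not the real certificate.

```python
def read_tlv(buf, pos=0):
    """Decode one DER element at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split constructed content into (tag, value, raw_tlv) tuples."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, nxt = read_tlv(value, pos)
        out.append((tag, val, value[pos:nxt]))
        pos = nxt
    return out

def split_certificate(der):
    """Split a Certificate into its three fields and compare the two algorithm IDs."""
    tag, body, end = read_tlv(der)
    parts = children(body) if tag == 0x30 and end == len(der) else []
    if [t for t, _, _ in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("expected tbsCertificate, signatureAlgorithm, signatureValue")
    tbs, outer_alg, sig = parts
    fields = children(tbs[1])
    i = 1 if fields and fields[0][0] == 0xA0 else 0   # skip [0] EXPLICIT version if present
    serial, inner_alg = fields[i:i + 2]               # ValueError if either field is missing
    return {"tbs": tbs[2], "serial": serial[1].hex(), "signature": sig[1][1:],
            "alg_match": inner_alg[2] == outer_alg[2]}

# Constructed sample: a skeleton Certificate, most tbsCertificate fields omitted.
def tlv(tag, content):
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content
# AlgorithmIdentifier = SEQUENCE { OID, NULL }; 1.2.840.113549.1.1.5 and 1.2.840.113549.1.1.11
SHA1_RSA = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")) + b"\x05\x00")
SHA256_RSA = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + b"\x05\x00")

def build_sample(inner_alg, outer_alg):
    version = tlv(0xA0, tlv(0x02, b"\x02"))  # Version 3 is encoded as INTEGER 2
    serial = tlv(0x02, bytes.fromhex("25f5d12d5e6f0bd4eaf2a2c966f3b4ce"))  # serial from the dump
    tbs = tlv(0x30, version + serial + inner_alg)
    return tlv(0x30, tbs + outer_alg + tlv(0x03, b"\x00" + bytes(128)))    # dummy signature bits
```

The `tbs` bytes returned by `split_certificate` are exactly what the issuer's signature covers, so a verifier hashes that raw slice rather than a re-encoded copy.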
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]