Overview#
Example Certificate is an Subject Certificate Example of a CertificateWe use the Subject Certificate for any non-Root Certificate presented to a client from a server.
Example Certificate#
Certificate: Data: Version: 3 (0x2) Serial Number: 25:f5:d1:2d:5e:6f:0b:d4:ea:f2:a2:c9:66:f3:b4:ce Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Secure Server CA - G2 Validity Not Before: Jul 15 00:00:00 2010 GMT Not After : Jul 14 23:59:59 2013 GMT Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=www.amazon.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:be:89:0e:a1:ad:fa:7d:58:6a:a1:6a:e4:3b:ed: 75:e4:3e:f2:19:f7:f3:0f:fa:d9:ef:62:10:52:7b: fc:dd:94:96:a8:35:6b:1b:50:60:2e:2e:79:ac:7c: 2e:a3:81:de:8d:37:f9:ee:6e:4f:82:c7:e4:12:04: 55:af:57:69:94:8c:ef:2e:50:7a:6d:53:0f:5b:5f: 62:58:5e:cf:f2:df:f4:4d:ce:71:b6:82:d7:86:e5: 4f:77:e4:91:aa:e4:bd:5a:65:aa:9e:20:4f:38:5e: b4:8b:e0:36:45:80:a8:d5:24:5c:46:9d:f1:80:c0: 6b:62:a5:1f:26:5e:ae:17:47 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 CRL Distribution Points: URI:http://SVRSecure-G2-crl.verisign.com/SVRSecureG2.crl X509v3 Certificate Policies: Policy: 2.16.840.1.113733.1.7.23.3 CPS: https://www.verisign.com/rpa X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Authority Key Identifier: keyid:A5:EF:0B:11:CE:C0:41:03:A3:4A:65:90:48: B2:1C:E0:57:2D:7D:47 Authority Information Access: OCSP - URI:http://ocsp.verisign.com CA Issuers - URI:http://SVRSecure-G2-aia.verisign.com/SVRSecureG2.cer 1.3.6.1.5.5.7.1.12: 0`.^.\0Z0X0V..image/gif0!0.0...+......Kk.(.....R8.).K..!..0 &.$http://logo.verisign.com/vslogo1.gif Signature Algorithm: sha1WithRSAEncryption a8:15:fd:f5:ba:5a:88:99:0c:2a:3d:28:bb:74:82:65:3f:42: 47:21:1f:d4:78:d6:4d:9e:b6:ec:17:cd:18:b7:9e:f9:83:e5: e9:39:8a:8f:dd:3c:61:d7:c0:eb:f1:72:34:e4:4f:3f:e7:33: 40:a9:49:9f:44:b0:8d:bf:33:b1:76:95:a3:50:21:8f:8f:0c: 1e:60:82:5e:20:98:fa:bf:19:33:1a:12:a1:61:61:3f:a8:5c: b8:80:9a:a0:34:dc:dd:52:8c:98:85:ba:6d:ce:bc:e0:4c:a9: 9b:38:c5:4d:56:10:ba:ef:72:8a:1b:08:68:7b:dd:59:43:e5: 33:1b:0a:3f:bd:43:2a:cb:ee:34:36:43:d5:69:d7:ca:7a:83: a9:ab:e6:15:ef:94:e8:95:65:2b:f6:9e:11:4e:5f:0e:19:01: 76:a1:30:36:06:52:f1:09:e0:cf:d4:71:16:0d:80:ba:12:26: 9e:93:4b:1c:5f:83:4c:2c:d0:69:3b:c5:99:31:c4:4c:8f:27: be:49:9a:ac:21:3e:4a:5d:e1:18:d3:39:44:62:04:16:da:cc: d8:ed:3d:88:d2:a6:e3:ae:6f:eb:13:af:f1:6d:7e:d2:02:48: 35:3c:2f:9a:a0:f5:bc:55:ea:a4:7b:8a:de:62:0b:73:9c:58: 41:1c:2c:51
tbsCertificate#
TBSCertificate includes the following:- Certificate Version - The version number field is intended to facilitate orderly changes in certificate formats over time. The initial version number for certificates used in PEM is the X.509 default which has a value of zero (0), indicating the 1988 version. PEM implementations are encouraged to accept later versions as they are endorsed by CCITT/ISO.
- Certificate Serial Number - The serial number field provides a short form, unique identifier for each certificate generated by an issuer. An issuer must ensure that no two distinct certificates with the same issuer DN contain the same serial number.
- Certificate Algorithm ID - This field specifies the algorithm used by the issuer to sign the certificate, and any parameters associated with the algorithm.
- Certificate Issuer - A certificate provides a representation of its issuer's identity, in the form of a Distinguished Name.
- Certificate Validity Period - A certificate carries a pair of date and time indications, indicating the start and end of the time period over which a certificate is intended to be used.
- Certificate Subject - A certificate provides a representation of its subject's identity in the form of a Distinguished Name and optionally Subject Alternative Names
- Subject Public Key Info - A certificate carries the public component of its associated subject, as well as an indication of the algorithm, and any algorithm parameters, with which the public component is to be used.
- KeyUsage
- Issuer Unique Identifier (OPTIONAL)
- Subject Unique Identifier (OPTIONAL)
- Certificate Extensions (optional) - Each extension has its own id, expressed as Object identifier, which is a set of values, together with either a critical or non-critical indication.
- Certificate Signature Algorithm - This field specifies the algorithm used by the issuer to sign the certificate, and any parameters associated with the algorithm.
- Certificate Signature - The binary signature of the certificate.