Overview#

The Certificate Signature (or Certificate Fingerprint) field is computed from Hash from the Cryptographic Hash Function of the whole Certificate using the identified Certificate Signature Algorithm.

Certificate Signature field is generated at the time it was created by Certificate Issuer. The process is:

• Hash from the Cryptographic Hash Function of the whole certificate using the identified Certificate Signature Algorithm
• Raise this Hash to Certificate Issuer's Public Key Certificate Exponent value
• And then divide this by the Certificate Issuer's Public Key Certificate Modulus value.

we then only use the we get this "decrypted" signature.

HashCertificate Issuer's Public Key Certificate Exponent/MOD(Certificate Issuer's Public Key Certificate Modulus value)

Since the Certificate Issuer's Public Key is available to all, for Certificate Validation we can perform these same steps and calculate the value. The calculated value should match the value on the Protocol Server's Certificate.

More Information#

There might be more information for this subject on one of the following:

• AuthorityKeyIdentifier
• CA Constraint
• Certificate Fingerprint
• Certificate Issuer
• Certificate Validation
• Example Certificate
• RSA Cryptography
• SHA-1
• TBSCertificate
• Verifying Certificate Signatures