LDAPWiki: Example Certificate

Overview#

Example Certificate is an Subject Certificate Example of a Certificate

We use the Subject Certificate for any non-Root Certificate presented to a client from a server.

Example Certificate#

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f5:d1:2d:5e:6f:0b:d4:ea:f2:a2:c9:66:f3:b4:ce
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
          OU=Terms of use at https://www.verisign.com/rpa (c)09, 
          CN=VeriSign Class 3 Secure Server CA - G2
        Validity
            Not Before: Jul 15 00:00:00 2010 GMT
            Not After : Jul 14 23:59:59 2013 GMT
        Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., 
          CN=www.amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:be:89:0e:a1:ad:fa:7d:58:6a:a1:6a:e4:3b:ed:
                    75:e4:3e:f2:19:f7:f3:0f:fa:d9:ef:62:10:52:7b:
                    fc:dd:94:96:a8:35:6b:1b:50:60:2e:2e:79:ac:7c:
                    2e:a3:81:de:8d:37:f9:ee:6e:4f:82:c7:e4:12:04:
                    55:af:57:69:94:8c:ef:2e:50:7a:6d:53:0f:5b:5f:
                    62:58:5e:cf:f2:df:f4:4d:ce:71:b6:82:d7:86:e5:
                    4f:77:e4:91:aa:e4:bd:5a:65:aa:9e:20:4f:38:5e:
                    b4:8b:e0:36:45:80:a8:d5:24:5c:46:9d:f1:80:c0:
                    6b:62:a5:1f:26:5e:ae:17:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points: 
                URI:http://SVRSecure-G2-crl.verisign.com/SVRSecureG2.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/rpa

            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Authority Key Identifier: 
                keyid:A5:EF:0B:11:CE:C0:41:03:A3:4A:65:90:48:
                B2:1C:E0:57:2D:7D:47

            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com
                CA Issuers - 
                  URI:http://SVRSecure-G2-aia.verisign.com/SVRSecureG2.cer

            1.3.6.1.5.5.7.1.12: 
                0`.^.\0Z0X0V..image/gif0!0.0...+......Kk.(.....R8.).K..!..0
                &.$http://logo.verisign.com/vslogo1.gif
    Signature Algorithm: sha1WithRSAEncryption
        a8:15:fd:f5:ba:5a:88:99:0c:2a:3d:28:bb:74:82:65:3f:42:
        47:21:1f:d4:78:d6:4d:9e:b6:ec:17:cd:18:b7:9e:f9:83:e5:
        e9:39:8a:8f:dd:3c:61:d7:c0:eb:f1:72:34:e4:4f:3f:e7:33:
        40:a9:49:9f:44:b0:8d:bf:33:b1:76:95:a3:50:21:8f:8f:0c:
        1e:60:82:5e:20:98:fa:bf:19:33:1a:12:a1:61:61:3f:a8:5c:
        b8:80:9a:a0:34:dc:dd:52:8c:98:85:ba:6d:ce:bc:e0:4c:a9:
        9b:38:c5:4d:56:10:ba:ef:72:8a:1b:08:68:7b:dd:59:43:e5:
        33:1b:0a:3f:bd:43:2a:cb:ee:34:36:43:d5:69:d7:ca:7a:83:
        a9:ab:e6:15:ef:94:e8:95:65:2b:f6:9e:11:4e:5f:0e:19:01:
        76:a1:30:36:06:52:f1:09:e0:cf:d4:71:16:0d:80:ba:12:26:
        9e:93:4b:1c:5f:83:4c:2c:d0:69:3b:c5:99:31:c4:4c:8f:27:
        be:49:9a:ac:21:3e:4a:5d:e1:18:d3:39:44:62:04:16:da:cc:
        d8:ed:3d:88:d2:a6:e3:ae:6f:eb:13:af:f1:6d:7e:d2:02:48:
        35:3c:2f:9a:a0:f5:bc:55:ea:a4:7b:8a:de:62:0b:73:9c:58:
        41:1c:2c:51

RFC 5280 The structure of an X.509 v3 digital certificate is as follows:

Basic Certificate Fields

tbsCertificate#

TBSCertificate includes the following:

Certificate Version - The version number field is intended to facilitate orderly changes in certificate formats over time. The initial version number for certificates used in PEM is the X.509 default which has a value of zero (0), indicating the 1988 version. PEM implementations are encouraged to accept later versions as they are endorsed by CCITT/ISO.
Certificate Serial Number - The serial number field provides a short form, unique identifier for each certificate generated by an issuer. An issuer must ensure that no two distinct certificates with the same issuer DN contain the same serial number.
Certificate Algorithm ID - This field specifies the algorithm used by the issuer to sign the certificate, and any parameters associated with the algorithm.
Certificate Issuer - A certificate provides a representation of its issuer's identity, in the form of a Distinguished Name.
Certificate Validity Period - A certificate carries a pair of date and time indications, indicating the start and end of the time period over which a certificate is intended to be used.
- Validity-Not Before
- Validity-Not After
Certificate Subject - A certificate provides a representation of its subject's identity in the form of a Distinguished Name and optionally Subject Alternative Names
Subject Public Key Info - A certificate carries the public component of its associated subject, as well as an indication of the algorithm, and any algorithm parameters, with which the public component is to be used.
KeyUsage
Issuer Unique Identifier (OPTIONAL)
Subject Unique Identifier (OPTIONAL)
Certificate Extensions (optional) - Each extension has its own id, expressed as Object identifier, which is a set of values, together with either a critical or non-critical indication.
- extendedKeyUsage
Certificate Signature Algorithm - This field specifies the algorithm used by the issuer to sign the certificate, and any parameters associated with the algorithm.
Certificate Signature - The binary signature of the certificate.

More Information#

There might be more information for this subject on one of the following:

Active Sessions	1169
Uptime	368d, 15h 49m 46s
Number of pages	16125

Overview#

Example Certificate#

tbsCertificate#

More Information#

Lead Pages#