!!! Overview
[{$pagename}] is an [Subject Certificate] [Example] of a [Certificate]
We use the [Subject Certificate] for any non-[Root Certificate] presented to a client from a server.
!! [{$pagename}]
%%prettify
{{{
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:f5:d1:2d:5e:6f:0b:d4:ea:f2:a2:c9:66:f3:b4:ce
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network,
OU=Terms of use at https://www.verisign.com/rpa (c)09,
CN=VeriSign Class 3 Secure Server CA - G2
Validity
Not Before: Jul 15 00:00:00 2010 GMT
Not After : Jul 14 23:59:59 2013 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc.,
CN=www.amazon.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:be:89:0e:a1:ad:fa:7d:58:6a:a1:6a:e4:3b:ed:
75:e4:3e:f2:19:f7:f3:0f:fa:d9:ef:62:10:52:7b:
fc:dd:94:96:a8:35:6b:1b:50:60:2e:2e:79:ac:7c:
2e:a3:81:de:8d:37:f9:ee:6e:4f:82:c7:e4:12:04:
55:af:57:69:94:8c:ef:2e:50:7a:6d:53:0f:5b:5f:
62:58:5e:cf:f2:df:f4:4d:ce:71:b6:82:d7:86:e5:
4f:77:e4:91:aa:e4:bd:5a:65:aa:9e:20:4f:38:5e:
b4:8b:e0:36:45:80:a8:d5:24:5c:46:9d:f1:80:c0:
6b:62:a5:1f:26:5e:ae:17:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 CRL Distribution Points:
URI:http://SVRSecure-G2-crl.verisign.com/SVRSecureG2.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.23.3
CPS: https://www.verisign.com/rpa
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Authority Key Identifier:
keyid:A5:EF:0B:11:CE:C0:41:03:A3:4A:65:90:48:
B2:1C:E0:57:2D:7D:47
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
CA Issuers -
URI:http://SVRSecure-G2-aia.verisign.com/SVRSecureG2.cer
1.3.6.1.5.5.7.1.12:
0`.^.\0Z0X0V..image/gif0!0.0...+......Kk.(.....R8.).K..!..0
&.$http://logo.verisign.com/vslogo1.gif
Signature Algorithm: sha1WithRSAEncryption
a8:15:fd:f5:ba:5a:88:99:0c:2a:3d:28:bb:74:82:65:3f:42:
47:21:1f:d4:78:d6:4d:9e:b6:ec:17:cd:18:b7:9e:f9:83:e5:
e9:39:8a:8f:dd:3c:61:d7:c0:eb:f1:72:34:e4:4f:3f:e7:33:
40:a9:49:9f:44:b0:8d:bf:33:b1:76:95:a3:50:21:8f:8f:0c:
1e:60:82:5e:20:98:fa:bf:19:33:1a:12:a1:61:61:3f:a8:5c:
b8:80:9a:a0:34:dc:dd:52:8c:98:85:ba:6d:ce:bc:e0:4c:a9:
9b:38:c5:4d:56:10:ba:ef:72:8a:1b:08:68:7b:dd:59:43:e5:
33:1b:0a:3f:bd:43:2a:cb:ee:34:36:43:d5:69:d7:ca:7a:83:
a9:ab:e6:15:ef:94:e8:95:65:2b:f6:9e:11:4e:5f:0e:19:01:
76:a1:30:36:06:52:f1:09:e0:cf:d4:71:16:0d:80:ba:12:26:
9e:93:4b:1c:5f:83:4c:2c:d0:69:3b:c5:99:31:c4:4c:8f:27:
be:49:9a:ac:21:3e:4a:5d:e1:18:d3:39:44:62:04:16:da:cc:
d8:ed:3d:88:d2:a6:e3:ae:6f:eb:13:af:f1:6d:7e:d2:02:48:
35:3c:2f:9a:a0:f5:bc:55:ea:a4:7b:8a:de:62:0b:73:9c:58:
41:1c:2c:51
}}} /%
[RFC 5280] The structure of an [X.509] v3 digital [certificate] is as follows:
* [Basic Certificate Fields]
** [TBSCertificate]
** [signatureAlgorithm]
** [signatureValue]
! tbsCertificate
[TBSCertificate] includes the following:
* [Certificate Version] - The version number field is intended to facilitate orderly changes in [certificate] formats over time. The initial [version] number for [certificates] used in [PEM] is the [X.509] default which has a value of zero (0), indicating the [1988|Year 1988] version. [PEM] implementations are encouraged to accept later [versions] as they are endorsed by [CCITT]/[ISO].
* [Certificate Serial Number] - The serial number field provides a short form, unique identifier for each certificate generated by an issuer. An issuer must ensure that no two distinct certificates with the same issuer DN contain the same serial number.
* [Certificate Algorithm ID] - This field specifies the algorithm used by the issuer to sign the certificate, and any parameters associated with the algorithm.
* [Certificate Issuer] - A certificate provides a representation of its issuer's [identity|Digital Identity], in the form of a [Distinguished Name|DN].
* [Certificate Validity Period] - A certificate carries a pair of date and time indications, indicating the start and end of the time period over which a certificate is intended to be used.
** [Validity-Not Before|Not Before]
** [Validity-Not After|Not After]
* [Certificate Subject] - A certificate provides a representation of its subject's identity in the form of a [Distinguished Name|DN] and optionally [Subject Alternative Names]
* [Subject Public Key Info] - A certificate carries the public component of its associated subject, as well as an indication of the algorithm, and any algorithm parameters, with which the public component is to be used.
** [Public Key Algorithm]
** [RSA Public Key]
** [Certificate Modulus]
** [Certificate Exponent]
* [KeyUsage]
* [Issuer Unique Identifier] ([OPTIONAL])
* [Subject Unique Identifier] ([OPTIONAL])
* [Certificate Extensions] (optional) - Each extension has its own id, expressed as [Object identifier|OID], which is a set of values, together with either a critical or non-critical indication.
** [extendedKeyUsage]
* [Certificate Signature Algorithm] - This field specifies the algorithm used by the issuer to sign the certificate, and any parameters associated with the algorithm.
* [Certificate Signature] - The binary signature of the certificate.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]