Certificates: Difference between revisions

__TOC__
<br />
 
= X.509 Certificate =
 
* In cryptography, X.509 is a standard defining the format of public key certificates.
* X.509 certificates are used in many protocols like TLS/SSL, which is the basis for HTTPS.
* They are also used in offline applications like Electronic Signatures.
* A certificate contains a public key and an identity (a hostname, an organization, or an individual).
* A certificate is either signed by a Certificate Authority or self-signed.
* When a certificate is signed by a trusted certificate authority or validated by other means, someone holding that certificate can rely on the public key it contains.
* X.509 also defines certificate revocation lists, which are a means to distribute information about certificates that have been deemed invalid by a signing authority. It also defines a certification path validation algorithm, which allows certificates to be signed by intermediate CA certificates, which are, in turn, signed by other certificates, eventually reaching a trust anchor.
 
Structure of an X.509 v3 Digital certificate:
* Certificate
**Version Number
**Serial Number
**Signature Algorithm ID
**Issuer Name
**Validity period
***Not Before
***Not After
**Subject name
**Subject Public Key Info
***Public Key Algorithm
***Subject Public Key
**Issuer Unique Identifier (optional)
**Subject Unique Identifier (optional)
**Extensions (optional)
*Certificate Signature Algorithm
*Certificate Signature
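
The field layout above maps directly onto a certificate's DER encoding. The following added example (not part of the original page; the helper names and the sample bytes are constructed for illustration) walks that layout with the Python standard library and checks that the inner Signature Algorithm ID equals the outer Certificate Signature Algorithm, as RFC 5280 requires.

```python
def tlv(tag, body=b""):  # DER encoder, used only to build the constructed sample
    n = len(body)
    size = bytes([n]) if n < 0x80 else bytes([0x81, n])  # enough for < 256 bytes
    return bytes([tag]) + size + body

def read_tlv(buf, pos=0):
    """Decode the DER element at pos and return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(body):  # split a constructed element into (tag, value) pairs
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out.append((tag, value))
    return out

OPTIONAL = {0x81: "issuerUniqueID", 0x82: "subjectUniqueID", 0xA3: "extensions"}

def certificate_fields(der):
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    (_, tbs), (_, outer_alg), _signature = children(body)
    items = children(tbs)
    version = 1  # the [0] version field is omitted for v1
    if items[0][0] == 0xA0:
        version = children(items.pop(0)[1])[0][1][0] + 1
    serial, inner_alg, issuer, validity, subject, _spki, *rest = items
    not_before, not_after = (v.decode("ascii") for _, v in children(validity[1]))
    return {"version": version, "serial": int.from_bytes(serial[1], "big"),
            "not_before": not_before, "not_after": not_after,
            "issuer_equals_subject": issuer[1] == subject[1],  # names only, signature not verified
            "optional_fields": [OPTIONAL.get(t, hex(t)) for t, _ in rest],
            "algorithms_match": inner_alg[1] == outer_alg}  # inner vs outer AlgorithmIdentifier

# Constructed sample: placeholder key and signature bytes, not a real certificate.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))  # sha256WithRSAEncryption
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example Test CA"))))
SPKI = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05))
           + tlv(0x03, b"\x00" + b"\xAA" * 16))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x01") + ALG + NAME
          + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
          + NAME + SPKI + tlv(0xA3, tlv(0x30)))
SAMPLE = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + b"\xBB" * 16))
```

Calling <code>certificate_fields(SAMPLE)</code> returns the version, serial number, validity dates and the two checks as a dictionary; a real certificate can be passed in after converting it to DER.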
 
= Checking Using OpenSSL =
Source: [https://www.sslshopper.com/article-most-common-openssl-commands.html sslshopper.com]
 
= General OpenSSL Commands =
== Generate Certificates ==
 
* Generate a new private key and Certificate Signing Request
Line 20 ⟶ 52:
openssl rsa -in privateKey.pem -out newPrivateKey.pem
 
== Verifying Certificates ==
 
* Check a Certificate Signing Request (CSR)
Line 34 ⟶ 66:
openssl pkcs12 -info -in keyStore.p12
 
== Debugging Using OpenSSL ==
 
* Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key
Line 44 ⟶ 76:
openssl s_client -connect www.paypal.com:443
 
== Converting Format Using OpenSSL ==
 
* Convert a DER file (.crt .cer .der) to PEM