Certificates
__TOC__
<br />
= X.509 Certificate =
* In cryptography, X.509 is the standard (ITU-T X.509, profiled for the Internet by RFC 5280) that defines the format of public key certificates.
* X.509 certificates are used in many protocols, including TLS/SSL, which is the basis for HTTPS.
* They are also used in offline applications such as electronic signatures.
* A certificate binds a public key to an identity: a hostname, an organization or an individual.
* It is either signed by a Certificate Authority (CA) or self-signed.
* When a certificate is signed by a trusted CA, or has been validated by other means (for example a pinned fingerprint), someone holding that certificate can rely on the public key it contains.
* X.509 also defines certificate revocation lists (CRLs), a means to distribute information about certificates that the issuing authority has declared invalid before their expiry date.
* It further defines a certification path validation algorithm: a certificate may be signed by an intermediate CA certificate, which is in turn signed by another, until the chain reaches a trust anchor (a root certificate the verifier already trusts).
Structure of an X.509 v3 Digital certificate:
* Certificate
**Version Number
**Serial Number
**Signature Algorithm ID
**Issuer Name
**Validity period
***Not Before
***Not After
**Subject name
**Subject Public Key Info
***Public Key Algorithm
***Subject Public Key
**Issuer Unique Identifier (optional)
**Subject Unique Identifier (optional)
**Extensions (optional)
*Certificate Signature Algorithm
*Certificate Signature
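The layout above is easiest to see by walking real DER bytes. The Python below is an added example written for this page (not code from the page, from the cited source, or from OpenSSL): it encodes a constructed X.509 v3 certificate skeleton with a tiny DER encoder (a dummy RSA public key with modulus 0 and a dummy signature, so it is not a valid certificate, only one with the correct shape), then parses it back with a generic tag-length-value walker and returns the fields in the order listed above. All names (build_certificate, parse_certificate, the "Example Test CA" and "example.test" identities) are the example's own. The parser also checks that the signature algorithm inside tbsCertificate matches the outer one, which RFC 5280 requires, and hashes the SubjectPublicKeyInfo, which is the value a "does the public key match?" check compares across key, CSR and certificate.

```python
import hashlib

# ---- minimal DER encoder: only what the constructed sample needs ----
def tlv(tag, payload):
    if (n := len(payload)) < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload       # long-form length

def der_int(v):                                               # positive INTEGER, sign bit kept clear
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))

def der_oid(dotted):
    a, b, *rest = (int(x) for x in dotted.split("."))
    out = [40 * a + b]
    for arc in rest:                                          # base-128, high bit set on all but the last byte
        enc = [arc & 0x7F]
        while arc := arc >> 7:
            enc.insert(0, 0x80 | (arc & 0x7F))
        out += enc
    return tlv(0x06, bytes(out))

def der_seq(*items):
    return tlv(0x30, b"".join(items))
def der_name(cn):                                             # Name = SEQ OF (SET OF SEQ {OID, value})
    return der_seq(tlv(0x31, der_seq(der_oid("2.5.4.3"), tlv(0x0C, cn.encode()))))

SHA256_RSA, RSA_ENC, NULL = "1.2.840.113549.1.1.11", "1.2.840.113549.1.1.1", tlv(0x05, b"")

def build_certificate():
    """Constructed sample: the real X.509 v3 layout, but a dummy key and a dummy signature."""
    sig_alg = der_seq(der_oid(SHA256_RSA), NULL)
    rsa_pub = der_seq(der_int(0), der_int(65537))             # RSAPublicKey {n = 0 (dummy), e = 65537}
    spki = der_seq(der_seq(der_oid(RSA_ENC), NULL), tlv(0x03, b"\x00" + rsa_pub))
    basic_constraints = der_seq(der_oid("2.5.29.19"), tlv(0x01, b"\xff"), tlv(0x04, der_seq()))
    tbs = der_seq(
        tlv(0xA0, der_int(2)),                                # [0] version: value 2 means v3
        der_int(0x1234),                                      # serialNumber
        sig_alg,                                              # signature algorithm
        der_name("Example Test CA"),                          # issuer
        der_seq(tlv(0x17, b"240101000000Z"), tlv(0x17, b"250101000000Z")),  # validity (UTCTime)
        der_name("example.test"),                             # subject
        spki,                                                 # subjectPublicKeyInfo
        tlv(0xA3, der_seq(basic_constraints)),                # [3] extensions (v3 only)
    )
    return der_seq(tbs, sig_alg, tlv(0x03, b"\x00" * 9))      # signatureValue: dummy BIT STRING

# ---- generic DER reader ----
def read_tlv(buf, pos=0):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                             # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def children(value):
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(b):
    arcs, acc = ([2, b[0] - 80] if b[0] >= 80 else [b[0] // 40, b[0] % 40]), 0
    for byte in b[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def name_cn(name):
    for _, rdn in children(name):
        for _, atv in children(rdn):
            oid, val = children(atv)
            if decode_oid(oid[1]) == "2.5.4.3":
                return val[1].decode()

def parse_certificate(der):
    """Walk Certificate = SEQUENCE {tbsCertificate, signatureAlgorithm, signatureValue}."""
    _, cert, _ = read_tlv(der)
    (_, tbs), (_, outer_alg), _ = children(cert)
    f = children(tbs)
    version, i = 1, 0                                         # i = index of serialNumber
    if f[0][0] == 0xA0:                                       # [0] version present; absent means v1
        version, i = int.from_bytes(children(f[0][1])[0][1], "big") + 1, 1
    inner_alg = decode_oid(children(f[i + 1][1])[0][1])
    exts = [decode_oid(children(e)[0][1]) for tag, val in f[i + 6:] if tag == 0xA3
            for _, e in children(children(val)[0][1])]       # [1]/[2] unique ids are skipped
    return {
        "version": version,
        "serial": int.from_bytes(f[i][1], "big"),
        "signature_algorithm": inner_alg,
        # RFC 5280 4.1.1.2: the outer signatureAlgorithm must equal the one inside the TBS
        "sig_alg_consistent": inner_alg == decode_oid(children(outer_alg)[0][1]),
        "issuer_cn": name_cn(f[i + 2][1]),
        "validity": tuple(v.decode() for _, v in children(f[i + 3][1])),
        "subject_cn": name_cn(f[i + 4][1]),
        "public_key_algorithm": decode_oid(children(children(f[i + 5][1])[0][1])[0][1]),
        # hash of the whole SubjectPublicKeyInfo: the value a "does the key match?" check compares
        "spki_sha256": hashlib.sha256(tlv(*f[i + 5])).hexdigest(),
        "extensions": exts,
    }
```

Running parse_certificate(build_certificate()) returns a dictionary with version 3, serial 0x1234, the sha256WithRSAEncryption OID as signature algorithm, the two common names, the validity pair, the rsaEncryption OID, the basicConstraints OID in the extension list and the SPKI hash. The walker is deliberately generic (read_tlv and children know nothing about X.509), which is why a real DER certificate has the same field positions; only name_cn is a simplification, since real Names carry several attributes per RDN.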
Source: [https://www.sslshopper.com/article-most-common-openssl-commands.html sslshopper.com]
== Generate Certificates ==
* Generate a new private key and Certificate Signing Request
* Remove the passphrase from a private key (the key is written out unencrypted, so protect the output file)
openssl rsa -in privateKey.pem -out newPrivateKey.pem
== Verifying Certificates ==
* Check a Certificate Signing Request (CSR)
* Check a PKCS#12 file (.pfx or .p12); this lists the certificates and the private key bundled in it
openssl pkcs12 -info -in keyStore.p12
== Debugging ==
* Check an MD5 hash of the public key (for RSA keys, the modulus) to ensure that a certificate, CSR and private key all belong together. The hash is only a convenience for comparing long values by eye, so MD5 is acceptable here; the hashes must match exactly, otherwise the certificate was not issued for that key.
* Check a TLS connection. All the certificates the server sends (including intermediates) should be displayed, together with the verify result; add -servername www.paypal.com when the server selects its certificate by SNI
openssl s_client -connect www.paypal.com:443
== Converting ==
* Convert a DER file (.crt .cer .der) to PEM
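Converting between the two encodings is a re-encoding, not a cryptographic operation, and it helps to see exactly what openssl x509 -inform DER -outform PEM does. The Python below is an added example written for this page (not code from the page, from the cited source, or from OpenSSL): it sniffs whether the input is DER or PEM, converts DER to PEM with the 64-column base64 armour, splits a PEM file that holds several certificates back into DER blobs, and cross-checks its output against the conversions in the standard-library ssl module. The sample input is a constructed five-byte DER SEQUENCE, not a real certificate, and the function names are the example's own.

```python
import base64
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed stand-in for a DER-encoded certificate: SEQUENCE { INTEGER 1 }.
# The conversion is a pure re-encoding, so a real .crt/.cer/.der behaves the same.
SAMPLE_DER = bytes.fromhex("3003020101")

def detect_format(data):
    """DER always starts with the SEQUENCE tag 0x30; PEM is ASCII armour with a BEGIN line."""
    if data[:1] == b"\x30":
        return "DER"
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    raise ValueError("neither DER nor PEM")

def der_to_pem(der):
    """Base64 the DER, wrap at 64 columns, add the BEGIN/END armour (one trailing newline)."""
    body = base64.b64encode(der).decode("ascii")
    lines = [PEM_HEADER] + [body[i:i + 64] for i in range(0, len(body), 64)] + [PEM_FOOTER]
    return "\n".join(lines) + "\n"

def pem_to_der(pem):
    """Return every certificate in a PEM file (a .pem/.crt may hold a whole chain), in order."""
    certs, buf, inside = [], [], False
    for line in pem.splitlines():
        line = line.strip()
        if line == PEM_HEADER:
            buf, inside = [], True
        elif line == PEM_FOOTER:
            if not inside:
                raise ValueError("END line without a matching BEGIN")
            certs.append(base64.b64decode("".join(buf), validate=True))
            inside = False
        elif inside:
            buf.append(line)
    if inside:
        raise ValueError("truncated PEM: BEGIN without END")
    return certs

def convert(data):
    """Flip between the two encodings, the way openssl x509 -inform/-outform does."""
    if detect_format(data) == "DER":
        return der_to_pem(data).encode("ascii")
    return pem_to_der(data.decode("ascii"))[0]

def matches_stdlib(der):
    """Cross-check against the ssl module: identical PEM text and an identical round trip."""
    pem = der_to_pem(der)
    return pem == ssl.DER_cert_to_PEM_cert(der) and ssl.PEM_cert_to_DER_cert(pem) == der
```

convert(convert(SAMPLE_DER)) returns the original bytes, and matches_stdlib(SAMPLE_DER) returns True. Two practical points the code makes explicit: a PEM file is a container that can hold a chain, so a converter should return a list rather than the first certificate only, and base64 decoding should be strict (validate=True) so that a corrupted or truncated file fails loudly instead of yielding a silently different certificate.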