Certificates: Difference between revisions

* X.509 also defines certificate revocation lists (CRLs), which distribute information about certificates that a signing authority has deemed invalid. It also defines a certification path validation algorithm, which allows certificates to be signed by intermediate CA certificates that are, in turn, signed by other certificates, eventually reaching a trust anchor.
 
;Working of Certificates
*In the X.509 system, an organization that wants a signed certificate requests one via a Certificate Signing Request (CSR).
*To do this, it first generates a key pair, keeping the private key secret and using it to sign the CSR.
*The CSR contains information identifying the applicant, the applicant's public key (which is used to verify the signature of the CSR), and the Distinguished Name (DN) that the certificate is for.
*The CSR may be accompanied by other credentials or proofs of identity required by the certificate authority.
*The certification authority issues a certificate binding a public key to a particular distinguished name.
*An organization's trusted root certificates can be distributed to all employees so that they can use the company PKI system.
*Browsers such as Internet Explorer, Firefox, Opera, Safari and Chrome come with a predetermined set of root certificates pre-installed.
*Because of this, SSL certificates from major certificate authorities will work instantly in these browsers.
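
The CSR flow described above, end to end, as an added Go example (not part of the original page): the applicant signs a CSR, the CA checks that signature before issuing, and a relying party validates the certificate against the distributed root. The subject names, the throwaway P-256 keys, the helpers <code>issue</code> and <code>must</code>, and the tamper switch are all constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue runs applicant -> CA -> relying party; tamper alters the DN after signing.
func issue(cn string, tamper bool) (*x509.Certificate, error) {
	appKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // applicant's key pair; private key stays here
	csrDER := must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, appKey))
	if tamper { // constructed failure case: DN changed after the applicant signed
		csrDER = bytes.Replace(csrDER, []byte(cn), bytes.ToUpper([]byte(cn)), 1)
	}
	csr, err := x509.ParseCertificateRequest(csrDER) // CA: verify with the public key inside the CSR
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("CSR rejected: unparsable or signature does not match contents")
	}
	now, caKey := time.Now(), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // CA key for the trust anchor
	rootT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, rootT, rootT, &caKey.PublicKey, caKey))))
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, // binds the CSR's DN to its public key
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafT, root, csr.PublicKey, caKey))))
	pool := x509.NewCertPool() // relying party: trusts only the distributed root
	pool.AddCert(root)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return leaf, err
}

func main() {
	_, bad := issue("www.example.test", true)
	fmt.Println(must(issue("www.example.test", false)).Subject, "| tampered:", bad)
}
```

The tampered run is rejected before any certificate is created, because the CSR signature covers the DN and public key together.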
 
;Structure of an X.509 v3 Digital certificate:
* Certificate
**Version Number