X.509: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 41: Line 41:
                 keyid:B2:DA:94:80:CE:E8:61:DA:CA:15:85:97:A8:D8:A1:E4:37:A7:5A:9D
                 keyid:B2:DA:94:80:CE:E8:61:DA:CA:15:85:97:A8:D8:A1:E4:37:A7:5A:9D
   
   
             X509v3 Basic Constraints:
             [[#X509_Basic_Constraints|X509v3 Basic Constraints]]:
                 CA:TRUE
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
     Signature Algorithm: sha256WithRSAEncryption

Revision as of 17:21, 8 April 2018

External

Internal

Overview

X.509 is a ITU-T standard for a public key infrastructure (PKI).

X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

X.509 is a common certificate format that can be managed by JDK's keytool.

Certificate Structure

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b9:f4:0a:47:fa:79:78:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, L=Menlo Park, O=Nova Ordis LLC, CN=test.novaordis.com
        Validity
            Not Before: Apr  8 08:49:35 2018 GMT
            Not After : Apr  8 08:49:35 2019 GMT
        Subject: C=US, L=Menlo Park, O=Nova Ordis LLC, CN=test.novaordis.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ce:ab:8f:f6:2f:f1:4b:63:c6:ed:ea:8f:25:30:
                    [...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:DA:94:80:CE:E8:61:DA:CA:15:85:97:A8:D8:A1:E4:37:A7:5A:9D
            X509v3 Authority Key Identifier:
                keyid:B2:DA:94:80:CE:E8:61:DA:CA:15:85:97:A8:D8:A1:E4:37:A7:5A:9D

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         3d:8f:9f:3b:8a:9a:39:36:d2:13:cb:85:de:d0:92:6e:36:1f:
         [...]

Issuer

Validity - Not Before

Validity - Not After

Subject

X509 extensions

X509 Basic Constraints

Retrieved from "https://kb.novaordis.com/index.php?title=X.509&oldid=40523"