Christian's Docs
Search…
Welcome to my Docs!
DONE
Kerberos Authentication Protocol
HTTP Security Checklist
Brotli for NGINX
In progress ...
TLS and Ciphers Suites
PKI and X.509v3 Certificates
HTTP compression and BREACH-attacks
OAuth2 and OIDC
SAML 2.0
Windows, AD & Forests
iOS Encryption & Data Protection
Archive
Don't touch PHP again
Portfolio
Github
Linkedin
Medium
Twitter
Powered By GitBook
PKI and X.509v3 Certificates
This page is based on RFC 5280

Basic PKI

  • Certificate Authority (CA)
  • Registration Authority (RA)

Certificate Data

  • Issuer
  • Subject
  • Validity
  • X509v3 Extensions

X.509v3 Extensions

  • Key Usage
  • Authority Information Access
  • Certificate Policies
  • Basic Constraints
  • CRL Distribution Points
  • Subject Alternative Name (SAN)

Distinguished Name (DN)

An unordered set of AVAs

Attribute Value Assertion (AVA)

  • Common Name (CN)
  • Organization (O)
  • Organizational Unit (OU)
  • Country/Region (C)

Revocation

  • Certificate Revocation List (CRL)
  • Online Certificate Status Protocol (OCSP)

Sample Certificate

Taken from the Red Hat Docs
1
Data:
2
Version: v3
3
Serial Number: 0x1
4
Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
5
Issuer: CN=Certificate Manager,OU=netscape,O=ExampleCorp,L=MV,ST=CA,C=US
6
Validity:
7
Not Before: Friday, February 21, 2005 12:00:00 AM PST America/Los_Angeles
8
Not After: Monday, February 21, 2007 12:00:00 AM PST America/Los_Angeles
9
Subject: CN=Certificate Manager,OU=netscape,O=ExampleCorp,L=MV,ST=CA,C=US
10
Subject Public Key Info:
11
Algorithm: RSA - 1.2.840.113549.1.1.1
12
Public Key:
13
Exponent: 65537
14
Public Key Modulus: (2048 bits) :
15
E4:71:2A:CE:E4:24:DC:C4:AB:DF:A3:2E:80:42:0B:D9:
16
CF:90:BE:88:4A:5C:C5:B3:73:BF:49:4D:77:31:8A:88:
17
15:A7:56:5F:E4:93:68:83:00:BB:4F:C0:47:03:67:F1:
18
30:79:43:08:1C:28:A8:97:70:40:CA:64:FA:9E:42:DF:
19
35:3D:0E:75:C6:B9:F2:47:0B:D5:CE:24:DD:0A:F7:84:
20
4E:FA:16:29:3B:91:D3:EE:24:E9:AF:F6:A1:49:E1:96:
21
70:DE:6F:B2:BE:3A:07:1A:0B:FD:FE:2F:75:FD:F9:FC:
22
63:69:36:B6:5B:09:C6:84:92:17:9C:3E:64:C3:C4:C9
23
Extensions:
24
Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1
25
Critical: no
26
Certificate Usage:
27
SSL CA
28
Secure Email CA
29
ObjectSigning CA
30
Identifier: Basic Constraints - 2.5.29.19
31
Critical: yes
32
Is CA: yes
33
Path Length Constraint: UNLIMITED
34
Identifier: Subject Key Identifier - 2.5.29.14
35
Critical: no
36
Key Identifier:
37
3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
38
9C:37:85:84
39
Identifier: Authority Key Identifier - 2.5.29.35
40
Critical: no
41
Key Identifier:
42
3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
43
9C:37:85:84
44
Identifier: Key Usage: - 2.5.29.15
45
Critical: yes
46
Key Usage:
47
Digital Signature
48
Key CertSign
49
Crl Sign
50
Signature:
51
Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
52
Signature:
53
AA:96:65:3D:10:FA:C7:0B:74:38:2D:93:54:32:C0:5B:
54
2F:18:93:E9:7C:32:E6:A4:4F:4E:38:93:61:83:3A:6A:
55
A2:11:91:C2:D2:A3:48:07:6C:07:54:A8:B8:42:0E:B4:
56
E4:AE:42:B4:B5:36:24:46:4F:83:61:64:13:69:03:DF:
57
41:88:0B:CB:39:57:8C:6B:9F:52:7E:26:F9:24:5E:E7:
58
BC:FB:FD:93:13:AF:24:3A:8F:DB:E3:DC:C9:F9:1F:67:
59
A8:BD:0B:95:84:9D:EB:FC:02:95:A0:49:2C:05:D4:B0:
60
35:EA:A6:80:30:20:FF:B1:85:C8:4B:74:D9:DC:BB:50
Copied!
In progress ... - Previous
TLS and Ciphers Suites
Next - In progress ...
HTTP compression and BREACH-attacks
Last modified 2yr ago
Copy link
Contents
Basic PKI
Certificate Data
X.509v3 Extensions
Distinguished Name (DN)
Attribute Value Assertion (AVA)
Revocation
Sample Certificate