PKI and X.509v3 Certificates
This page is based on RFC 5280

Basic PKI

  • Certificate Authority (CA)
  • Registration Authority (RA)

Certificate Data

  • Issuer
  • Subject
  • Validity
  • X509v3 Extensions

X.509v3 Extensions

  • Key Usage
  • Authority Information Access
  • Certificate Policies
  • Basic Constraints
  • CRL Distribution Points
  • Subject Alternative Name (SAN)

Distinguished Name (DN)

An unordered set of AVAs

Attribute Value Assertion (AVA)

  • Common Name (CN)
  • Organization (O)
  • Organizational Unit (OU)
  • Country/Region (C)

Revocation

  • Certificate Revocation List (CRL)
  • Online Certificate Status Protocol (OCSP)

Sample Certificate

Taken from the Red Hat Docs
Data:
    Version: v3
    Serial Number: 0x1
    Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
    Issuer: CN=Certificate Manager,OU=netscape,O=ExampleCorp,L=MV,ST=CA,C=US
    Validity:
        Not Before: Friday, February 21, 2005 12:00:00 AM PST America/Los_Angeles
        Not After: Monday, February 21, 2007 12:00:00 AM PST America/Los_Angeles
    Subject: CN=Certificate Manager,OU=netscape,O=ExampleCorp,L=MV,ST=CA,C=US
    Subject Public Key Info:
        Algorithm: RSA - 1.2.840.113549.1.1.1
        Public Key:
            Exponent: 65537
            Public Key Modulus: (2048 bits) :
                E4:71:2A:CE:E4:24:DC:C4:AB:DF:A3:2E:80:42:0B:D9:
                CF:90:BE:88:4A:5C:C5:B3:73:BF:49:4D:77:31:8A:88:
                15:A7:56:5F:E4:93:68:83:00:BB:4F:C0:47:03:67:F1:
                30:79:43:08:1C:28:A8:97:70:40:CA:64:FA:9E:42:DF:
                35:3D:0E:75:C6:B9:F2:47:0B:D5:CE:24:DD:0A:F7:84:
                4E:FA:16:29:3B:91:D3:EE:24:E9:AF:F6:A1:49:E1:96:
                70:DE:6F:B2:BE:3A:07:1A:0B:FD:FE:2F:75:FD:F9:FC:
                63:69:36:B6:5B:09:C6:84:92:17:9C:3E:64:C3:C4:C9
    Extensions:
        Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1
            Critical: no
            Certificate Usage:
                SSL CA
                Secure Email CA
                ObjectSigning CA
        Identifier: Basic Constraints - 2.5.29.19
            Critical: yes
            Is CA: yes
            Path Length Constraint: UNLIMITED
        Identifier: Subject Key Identifier - 2.5.29.14
            Critical: no
            Key Identifier:
                3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
                9C:37:85:84
        Identifier: Authority Key Identifier - 2.5.29.35
            Critical: no
            Key Identifier:
                3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
                9C:37:85:84
        Identifier: Key Usage: - 2.5.29.15
            Critical: yes
            Key Usage:
                Digital Signature
                Key CertSign
                Crl Sign
Signature:
    Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
    Signature:
        AA:96:65:3D:10:FA:C7:0B:74:38:2D:93:54:32:C0:5B:
        2F:18:93:E9:7C:32:E6:A4:4F:4E:38:93:61:83:3A:6A:
        A2:11:91:C2:D2:A3:48:07:6C:07:54:A8:B8:42:0E:B4:
        E4:AE:42:B4:B5:36:24:46:4F:83:61:64:13:69:03:DF:
        41:88:0B:CB:39:57:8C:6B:9F:52:7E:26:F9:24:5E:E7:
        BC:FB:FD:93:13:AF:24:3A:8F:DB:E3:DC:C9:F9:1F:67:
        A8:BD:0B:95:84:9D:EB:FC:02:95:A0:49:2C:05:D4:B0:
        35:EA:A6:80:30:20:FF:B1:85:C8:4B:74:D9:DC:BB:50
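
The sample certificate above can be checked against two RFC 5280 rules: keyCertSign requires cA=TRUE (section 4.2.1.3), and a CA certificate must mark Basic Constraints critical (section 4.2.1.9). The following is an added example, not part of the Red Hat documentation or the original page; it parses an excerpt of the dump and also flags the SHA-1 signature algorithm and a matching Issuer and Subject. The function names `parse` and `audit` are illustrative, and the parser assumes the excerpt's layout (hex blobs omitted).

```python
import re
# Constructed excerpt of the sample dump above (hex blobs omitted); parse/audit are illustrative names.
SAMPLE = """\
Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
Issuer: CN=Certificate Manager,OU=netscape,O=ExampleCorp,L=MV,ST=CA,C=US
Subject: CN=Certificate Manager,OU=netscape,O=ExampleCorp,L=MV,ST=CA,C=US
Identifier: Basic Constraints - 2.5.29.19
Critical: yes
Is CA: yes
Identifier: Key Usage: - 2.5.29.15
Critical: yes
Key Usage:
Digital Signature
Key CertSign
Crl Sign
"""

def parse(text):
    """Return (top-level fields, {extension OID: {"critical": bool, "values": [...]}})."""
    fields, exts, cur = {}, {}, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = re.match(r"Identifier: .* - ([\d.]+)$", line)
        if m:  # start of a new extension block, keyed by its OID
            cur = exts.setdefault(m.group(1), {"critical": False, "values": []})
        elif cur is not None and line.startswith("Critical:"):
            cur["critical"] = line.split(":", 1)[1].strip() == "yes"
        elif cur is not None:
            cur["values"].append(line)
        elif ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields, exts

def audit(text):
    fields, exts = parse(text)
    bc = exts.get("2.5.29.19")                      # Basic Constraints
    ku = exts.get("2.5.29.15", {"values": []})      # Key Usage
    is_ca = bc is not None and "Is CA: yes" in bc["values"]
    findings = []
    if "Key CertSign" in ku["values"] and not is_ca:
        findings.append("keyCertSign asserted without cA=TRUE (RFC 5280 4.2.1.3)")
    if is_ca and not bc["critical"]:
        findings.append("CA certificate with non-critical Basic Constraints (RFC 5280 4.2.1.9)")
    if fields.get("Signature Algorithm", "").upper().startswith("SHA1"):
        findings.append("SHA-1 signature algorithm")
    if fields.get("Issuer") and fields.get("Issuer") == fields.get("Subject"):
        findings.append("self-issued: Issuer equals Subject")
    return findings
```

The Issuer/Subject comparison is a plain string match on the printed DN, which is enough for this dump but is not the name-matching procedure a path validator uses.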