Friday, May 10, 2019

SSL certificate 101

A certificate verifies that an entity is the owner of a particular public key.

Certificates that follow the X.509 standard contain a data section and a signature section. The signature section is used to verify the authenticity of the certificate, and the data section includes information such as:
  • The Distinguished Name of the entity that owns the public key
  • The Distinguished Name of the entity that issued the certificate
  • Expiration information
  • The public key

You can obtain a certificate from a Certificate Authority (CA) such as VeriSign, GoDaddy, etc. Alternatively, you can create a self-signed certificate, in which the owner and the issuer are the same.

An organization that issues certificates can establish a hierarchy of CAs. The root CA has a self-signed certificate. Each subordinate CA has a certificate that is signed by the next-higher CA in the hierarchy. A certificate chain is the certificate of a particular CA, plus the certificates of any higher CAs up through the root CA.
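
The self-signed root and the chain described above can be reproduced with the `openssl` command-line tool. This is an added example, not part of the original post; the certificate names, file names and 30-day validity are assumptions chosen for the demonstration.

```bash
#!/bin/sh
# Constructed demo (names and validity period are arbitrary): root -> intermediate -> leaf.
set -eu
D=$(mktemp -d)

cat > "$D/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = unused (subject comes from -subj)
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF

# issue NAME CN EXT_SECTION [SIGNER]: with no SIGNER the certificate is self-signed.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$D/x.cnf" -subj "/CN=$2" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  if [ -z "${4:-}" ]; then
    openssl x509 -req -in "$D/$1.csr" -signkey "$D/$1.key" -days 30 \
      -extfile "$D/x.cnf" -extensions "$3" -out "$D/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$D/$1.csr" -CA "$D/$4.pem" -CAkey "$D/$4.key" -CAcreateserial \
      -days 30 -extfile "$D/x.cnf" -extensions "$3" -out "$D/$1.pem" 2>/dev/null
  fi
}

# Data-section fields: who owns the key (subject) and who signed the certificate (issuer).
subject_of() { openssl x509 -in "$D/$1.pem" -noout -subject -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }
issuer_of()  { openssl x509 -in "$D/$1.pem" -noout -issuer  -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }

# Trust only the root; an optional argument names an untrusted intermediate used to build the chain.
verify_leaf() {
  if [ $# -gt 0 ]; then
    openssl verify -CAfile "$D/root.pem" -untrusted "$D/$1.pem" "$D/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$D/root.pem" "$D/leaf.pem" >/dev/null 2>&1
  fi
}

issue root  "Example Root CA"         v3_ca
issue inter "Example Intermediate CA" v3_ca root
issue leaf  "www.example.test"        v3_leaf inter

for c in leaf inter root; do
  echo "$c: subject=$(subject_of "$c") issuer=$(issuer_of "$c")"
done
verify_leaf inter && echo "leaf verifies with the full chain"
verify_leaf || echo "leaf does not verify when the intermediate CA certificate is missing"
```

Reading the output from the leaf upward, each issuer matches the subject of the next certificate, and the walk ends at the root, whose subject and issuer are identical.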
