Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual page 25

DNs may include a variety of other name-value pairs. They are used to identify both certificate
subjects and entries in directories that support the Lightweight Directory Access Protocol (LDAP).
The rules governing the construction of DNs can be complex; for comprehensive information about DNs, see "A String Representation of Distinguished Names" (RFC 4514) at http://www.ietf.org/rfc/rfc4514.txt.
1.3.4.3. A Typical Certificate
Every X.509 certificate consists of two sections:
• The data section includes the following information:
    • The version number of the X.509 standard supported by the certificate.
    • The certificate's serial number. Every certificate issued by a CA has a serial number that is unique among the certificates issued by that CA.
    • Information about the user's public key, including the algorithm used and a representation of the key itself.
    • The DN of the CA that issued the certificate.
    • The period during which the certificate is valid; for example, between 1:00 p.m. on November 15, 2004, and 1:00 p.m. November 15, 2009.
    • The DN of the certificate subject, which is also called the subject name; for example, in an SSL client certificate, this is the user's DN.
    • Optional certificate extensions, which may provide additional data used by the client or server. For example, the Netscape Certificate Type extension indicates the type of certificate, such as an SSL client certificate, an SSL server certificate, or a certificate for signing email. Certificate extensions can also be used for other purposes.
• The signature section includes the following information:
    • The cryptographic algorithm, or cipher, used by the issuing CA to create its own digital signature.
    • The CA's digital signature, obtained by hashing all of the data in the certificate together and encrypting it with the CA's private key.
Here are the data and signature sections of a certificate shown in the readable pretty-print format:

    Certificate:
        Data:
            Version: v3 (0x2)
            Serial Number: 3 (0x3)
            Signature Algorithm: PKCS #1 MD5 With RSA Encryption
            Issuer: OU=Example Certificate Authority, O=Example Corp, C=US
            Validity:
                Not Before: Fri Oct 17 18:36:25 1997
                Not After: Sun Oct 17 18:36:25 1999
            Subject: CN=Jane Doe, OU=Finance, O=Example Corp, C=US
            Subject Public Key Info:
                Algorithm: PKCS #1 RSA Encryption
                Public Key:
                    Modulus:
                        00:ca:fa:79:98:8f:19:f8:d7:de:e4:49:80:48:e6:2a:2a:86:
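To make the two sections concrete, here is an added example (not code from the Red Hat manual) that hand-encodes a minimal DER certificate carrying the same version, serial number and names as the pretty-print above, then splits it back into the data section (tbsCertificate) and the signature section. The `tlv`, `split` and `parse_certificate` helpers are this example's own; the key and signature bytes are constructed placeholders, and the signature algorithm used is sha256WithRSAEncryption rather than the MD5-based one shown above.

```python
# Added example (not code from the Red Hat manual); key and signature bytes are placeholders.
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0b": "OU", b"\x55\x04\x0a": "O",
        b"\x55\x04\x06": "C", b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01": "rsaEncryption",
        b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b": "sha256WithRSAEncryption"}
NAMES = {v: k for k, v in OIDS.items()}

def tlv(tag, body):  # DER tag-length-value; short form below 128 bytes, else 0x80|count + length bytes
    n = len(body)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + body
def seq(*items):
    return tlv(0x30, b"".join(items))
def name(pairs):  # Name ::= SEQUENCE OF SET OF SEQUENCE {type OID, value PrintableString}
    return seq(*[tlv(0x31, seq(tlv(0x06, NAMES[a]), tlv(0x13, v.encode()))) for a, v in pairs])

def split(buf):  # decode the consecutive TLVs in buf into a list of (tag, value)
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        k = n & 0x7f if n & 0x80 else 0  # long form: low 7 bits count the length bytes that follow
        n, i = (int.from_bytes(buf[i:i + k], "big") if k else n), i + k
        out.append((tag, buf[i:i + n]))
        i += n
    return out
def read_name(der):  # each RDN holds one attribute, as in the manual's sample
    atvs = [split(split(rdn)[0][1]) for _, rdn in split(der)]
    return ", ".join(f"{OIDS[o]}={v.decode()}" for (_, o), (_, v) in atvs)

def build_sample_cert():  # constructed v3 certificate mirroring the manual's pretty-print
    alg = seq(tlv(0x06, NAMES["sha256WithRSAEncryption"]), tlv(0x05, b""))
    key = seq(tlv(0x02, b"\x00\xca\xfa\x79"), tlv(0x02, b"\x01\x00\x01"))  # toy modulus, e=65537
    spki = seq(seq(tlv(0x06, NAMES["rsaEncryption"]), tlv(0x05, b"")), tlv(0x03, b"\x00" + key))
    tbs = seq(tlv(0xa0, tlv(0x02, b"\x02")), tlv(0x02, b"\x03"), alg,  # [0] v3, serial 3, alg
              name([("OU", "Example Certificate Authority"), ("O", "Example Corp"), ("C", "US")]),
              seq(tlv(0x17, b"971017183625Z"), tlv(0x17, b"991017183625Z")),  # validity (UTCTime)
              name([("CN", "Jane Doe"), ("OU", "Finance"), ("O", "Example Corp"), ("C", "US")]), spki)
    return seq(tbs, alg, tlv(0x03, b"\x00" * 33))  # signature section: algorithm + placeholder bits

def parse_certificate(der):  # split the data section (tbsCertificate) from the signature section
    [(_, body)] = split(der)
    (_, tbs), (_, sig_alg), (_, sig) = split(body)
    f, version = split(tbs), 0  # [0] version is optional; absent means v1, encoded as 0
    if f[0][0] == 0xa0:
        version, f = int.from_bytes(split(f[0][1])[0][1], "big"), f[1:]
    (_, nb), (_, na) = split(f[3][1])
    return {"version": version, "serial": int.from_bytes(f[0][1], "big"),
            "sig_alg": OIDS[split(sig_alg)[0][1]], "issuer": read_name(f[2][1]),
            "not_before": nb.decode(), "not_after": na.decode(),
            "subject": read_name(f[4][1]), "sig_len": len(sig) - 1}  # leading byte = unused bits
```

Note that the parser only walks the structure; it does not verify the signature, which is the step a relying party must perform against the issuer's public key before trusting any field in the data section.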
Contents of a Certificate
15