X.509证书格式。
来源:互联网 发布:seo 推广 编辑:程序博客网 时间:2024/04/27 16:02
Structure of a certificate
The structure of an X.509 v3 digital certificate is as follows:
- Certificate
- Version
- Serial Number
- Algorithm ID
- Issuer
- Validity
- Not Before
- Not After
- Subject
- Subject Public Key Info
- Public Key Algorithm
- Subject Public Key
- Issuer Unique Identifier (Optional)
- Subject Unique Identifier (Optional)
- Extensions (Optional)
- ...
- Certificate Signature Algorithm
- Certificate Signature
Sample
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7829 (0x1e95)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
OU=Certification Services Division,
CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Validity
Not Before: Jul 9 16:04:02 1998 GMT
Not After : Jul 9 16:04:02 1999 GMT
Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:
33:35:19:d5:0c:64:b9:3d:41:b2:96:fc:f3:31:e1:
66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66:
70:33:52:14:c9:ec:4f:91:51:70:39:de:53:85:17:
16:94:6e:ee:f4:d5:6f:d5:ca:b3:47:5e:1b:0c:7b:
c5:cc:2b:6b:c1:90:c3:16:31:0d:bf:7a:c7:47:77:
8f:a0:21:c7:4c:d0:16:65:00:c1:0f:d7:b8:80:e3:
d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8:
e8:35:1c:9e:27:52:7e:41:8f
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:
92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:19:f6:ad:ef:63:2f:92:
ab:2f:4b:cf:0a:13:90:ee:2c:0e:43:03:be:f6:ea:8e:9c:67:
d0:a2:40:03:f7:ef:6a:15:09:79:a9:46:ed:b7:16:1b:41:72:
0d:19:aa:ad:dd:9a:df:ab:97:50:65:f5:5e:85:a6:ef:19:d1:
5a:de:9d:ea:63:cd:cb:cc:6d:5d:01:85:b5:6d:c8:f3:d9:f7:
8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22:
68:9f
Certificate filename extensions
Common filename extensions for X.509 certificates are:
- .pem - (Privacy Enhanced Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
- .cer, .crt, .der - usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
- .p7b, .p7c - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
- .p12 - PKCS#12, may contain certificate(s) (public) and private keys (password protected)
- .pfx - PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)
PKCS#7 is a standard for signing or encrypting (officially called "enveloping") data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C file is a degenerated SignedData structure, without any data to sign.
PKCS#12 evolved from the PFX (Personal inFormation eXchange) standard and is used to exchange public and private objects in a single file.
- X.509证书格式。
- 字证书的格式-标准的X.509数字证书
- X.509证书校验
- 数字证书 X.509 证书
- x.509证书举例
- x.509证书
- 翻译:通过Java编程创建X.509格式的数字签名证书
- X.509定义的证书
- x.509证书扩展文件名
- tomcat X.509证书配置
- X.509 v3证书示例
- X.509定义的证书
- 如何使用X.509证书
- 证书格式
- 证书格式
- 证书格式
- 证书格式
- 如何生成以及导入X.509证书
- 网络书
- poj1635树的最小表示法,用于判断树的同构
- 2010年上海中医药大学人才需求计划
- SQL Server 优化存储过程的七种方法
- Ajax动态树实现
- X.509证书格式。
- ubuntu 删除文件目录 rm rmdir 命令
- c/c++实现一个密集型server/socket多路复用select
- [雷倒]计算机系学生巨牛的请假条
- asp.net用户登陆问题在客户端禁用了cookies时如何做
- Android display架构分析
- Question 46: Which of the following statements describe correct methods of handling C++ exceptions?
- gdb调试器命令学习总结笔记
- (NOT CLEAR)Question 47: Which of the following statements correctly describe functions of the endl manipulator for the ostream o