Fields contained in an X.509 certificate
Field | Description |
Version | The X.509 version the certificate conforms to |
Serial number | A unique serial number generated by the certificate authority (CA) |
Signature algorithm | The algorithm used to sign the certificate, such as SHA1withRSA |
Issuer | Name of the organization that issued and signed the certificate |
Validity | The start time and end time of the certificate's validity period |
Subject name | The entity the certificate represents, such as a person or an organization |
Subject public key information | The subject's public key, the public key algorithm, and any additional parameters |
Issuer unique ID (optional) | A unique identifier for the certificate issuer |
Subject unique ID (optional) | A unique identifier for the subject the certificate represents |
Extensions | An optional set of extension fields. Each extension may be marked as critical or non-critical. Critical extensions are very important: the certificate user must be able to understand them, and if the user cannot recognize a critical extension, the certificate must be rejected. The most commonly used extensions include: Basic Constraints (the subject's relationship to a certificate authority), Certificate Policy (the policy under which the certificate was granted), and Key Usage (restrictions on the use of the public key) |
Certificate authority's digital signature | The digital signature over all of the above fields, generated by the certificate authority using the specified signature algorithm and the authority's private key |
Certificate issuance
Issuing a digital certificate is, in effect, digitally signing the certificate's content, including the public key of the subject it represents. Verifying a certificate is, in effect, verifying that digital signature, and also includes checking the certificate's validity period.
Certificate verification
When a client receives a digital certificate, it first checks the authority that issued it. If the issuer is an authoritative certificate authority, the client obtains the public key from the certificate of the issuing root certificate authority and uses that public key to verify the digital signature on the certificate.
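
The issuance and verification steps described above, as an added example using Go's standard crypto/x509 package (not code from the original page). The CA name, the subject names and the extension OID 1.2.3.4 are constructed for illustration; the example issues four certificates and reports which check rejects each one.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// issue signs a new certificate with signerKey; a nil parent yields a self-signed root CA.
func issue(cn string, parent *x509.Certificate, signerKey *ecdsa.PrivateKey, life time.Duration, ext ...pkix.Extension) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-48 * time.Hour), NotAfter: time.Now().Add(life), ExtraExtensions: ext,
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil { // Basic Constraints CA=true; Key Usage permits signing certificates
		tmpl.IsCA, tmpl.KeyUsage, parent, signerKey = true, x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // re-parse the DER we just produced
	return cert, key
}

// verify returns the Go error type of the failed check, or "<nil>" if the certificate is accepted.
func verify(c *x509.Certificate, roots *x509.CertPool) string {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return fmt.Sprintf("%T", err)
}

// cases issues constructed certificates and returns the verdict for each.
func cases() map[string]string {
	root, rootKey := issue("Example Root CA", nil, nil, time.Hour)
	fake, _ := issue("Example Root CA", nil, nil, time.Hour) // same issuer name, different key
	roots := x509.NewCertPool()
	roots.AddCert(root) // the client trusts only this CA's public key
	odd := pkix.Extension{Id: asn1.ObjectIdentifier{1, 2, 3, 4}, Critical: true, Value: []byte{5, 0}}
	good, _ := issue("good", root, rootKey, time.Hour)
	old, _ := issue("old", root, rootKey, -time.Hour) // validity ended an hour ago
	crit, _ := issue("crit", root, rootKey, time.Hour, odd)
	return map[string]string{"good": verify(good, roots), "expired": verify(old, roots),
		"untrusted": verify(fake, roots), "critical": verify(crit, roots)}
}
func main() { fmt.Println(cases()) }
```

The "untrusted" case shows that a matching issuer name is not enough: the signature must verify under the trusted CA's public key.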