A digital certificate is a collection of data used to securely distribute the public half of a public/private key pair. Figure 1 shows the parts of a typical X.509 certificate that make this possible. Along with structural information, the certificate contains name and contact information for both its issuer and its owner (or subject), plus the owner's public key. A date range indicates when the certificate is valid. Certificate extensions provide additional information and conditions, like acceptable uses for the public key. When assembling the certificate, to vouch for its integrity, the issuer digitally signs it using the issuer's own identity (private key and certificate).

Figure 1

Contents of an X.509 certificate

To evaluate a certificate, you first verify its signature using the specified algorithm and the issuer's public key, which you obtain from the issuer's publicly available certificate. A valid signature confirms that the certificate under evaluation, known as the leaf certificate, is unaltered. But in order to trust this result, you must also trust the issuer's certificate. You use a similar procedure to test this certificate, and the one that guarantees that certificate, and the next, and so on in a chain back to a trusted root authority whose certificate, known as the anchor, which you trust implicitly. The public key included in the leaf certificate is then considered trustworthy. You can be assured that it has come unaltered from the certificate's owner who controls the corresponding private key. This allows you to securely use the public key to engage in asymmetric cryptography with the certificate's owner.

https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates

X.509 certificate的更多相关文章

  1. 导入CA证书报错 keytool error: java.lang.Exception: Input not an X.509 certificate

    导入CA证书报错: keytool error: java.lang.Exception: Input not an X.509 certificate 如果你的CA证书是如下格式的: -----BE ...

  2. WCF X.509验证

    1.证书的制作 makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=ParkingServer -sky exchange -pe makecert. ...

  3. Key and Certificate Conversion

    Key and Certificate Conversion Private keys and certificates can be stored in a variety of formats, ...

  4. 使用 OpenSSL为WindowsServer远程桌面(RDP)创建自签名证书 (Self-signed SSL certificate)

    前言 笔者查阅很多资料,才写成此文章,如有错误,请读者们及时提出. 一般大家使用远程桌面(Remote Desktop)连接Windows Server时,总会有一个警告提示,如图1 图1 出现此警告 ...

  5. [转载]Parsing X.509 Certificates with OpenSSL and C

    Parsing X.509 Certificates with OpenSSL and C Zakir Durumeric | October 13, 2013 While OpenSSL has b ...

  6. 【Azure Developer】Azure Automation 自动化账号生成的时候怎么生成连接 与证书 (Connection & Certificate)

    Azure Automation :The Azure Automation service provides a highly reliable and scalable workflow exec ...

  7. 【Azure 环境】把OpenSSL生产的自签名证书导入到Azure Key Vault Certificate中报错

    问题描述 通过本地生成的自签名证书导入到Azure Key Vault Certificate报错. 错误信息 the specified PEM X.509 certificate content ...

  8. 你想要了解但是却羞于发问的有关SSL的一切

    Everything You Ever Wanted to Know About SSL (but Were Afraid to Ask) Or perhaps more accurately, &q ...

  9. PHP7函数大全(4553个函数)

    转载来自: http://www.infocool.net/kb/PHP/201607/168683.html a 函数 说明 abs 绝对值 acos 反余弦 acosh 反双曲余弦 addcsla ...

随机推荐

  1. [转] C# 隐藏方法和重写方法

    1:方法重写:就是在基类中的方法用virtual关键字来标识,然后在继承类中对该类进行重写 (override),这样基类中的方法在子类中已经被重写了,基类中的方法在子类中已经失去了功能 了.当让基类 ...

  2. [poj1062]昂贵的聘礼_最短路_离散化

    昂贵的聘礼 poj-1062 题目大意:原文链接?不是英文题,自己看 注释:$1\le N \le 100$. 想法:开始的想法有些过于简单,因为落下了一个条件:就是等级限制是一条路径上的任意两点而不 ...

  3. Java分代垃圾回收机制:年轻代/年老代/持久代(转)

    虚拟机中的共划分为三个代:年轻代(Young Generation).年老点(Old Generation)和持久代(Permanent Generation).其中持久代主要存放的是Java类的类信 ...

  4. N天学习一个linux命令之diff

    用途 按行比较文件差异,也可以比较目录 用法 diff [OPTION]... FILES 常用选项 -i --ignore-case 忽略大小写 --ignore-file-name-case 忽略 ...

  5. FOJ 10月赛题 FOJ2198~2204

    A题. 发现是递推可以解决这道题,a[n]=6*a[n-1]-a[n-2].因为是求和,可以通过一个三维矩阵加速整个计算过程,主要是预处理出2^k时的矩阵,可以通过这道题 #include <i ...

  6. MySql解压版使用

    1.解压 2.配置环境变量 3.新建空目录data,修改ini配置文件,修改basedir和datadir 4.管理员运行cmd,进入bin目录 5.mysql -install,如果提示错误,先my ...

  7. jsp上传下载+SmartUpload插件上传

    使用之前须要自己下载jspSmartUpload.jar包 这里找到一个支持中文的jar包,下载地址例如以下: http://www.blogjava.net/Files/hijackwust/jsm ...

  8. C++操作Json字符串

    一.从字符串中读取JSON a.cpp ? 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 ...

  9. Android之自己定义(上方标题随ViewPager手势慢慢滑动)

    近期非常蛋疼,项目要模仿网易新闻的样式去做.上次把仿网易新闻client的下拉刷新写出来了.这次是ViewPager的滑动,同一时候ViewPager的上面标题下划线尾随者移动.本来通过ViewPag ...

  10. 蓝牙调试工具hcitool的使用实例【转】

    本文转载自:http://blog.csdn.net/kangear/article/details/37961769 这个工具据说是基于BlueZ的,但是Android4.2以后不再采用BlueZ取 ...