A digital certificate is a collection of data used to securely distribute the public half of a public/private key pair. Figure 1 shows the parts of a typical X.509 certificate that make this possible. Along with structural information, the certificate contains name and contact information for both its issuer and its owner (or subject), plus the owner's public key. A date range indicates when the certificate is valid. Certificate extensions provide additional information and conditions, like acceptable uses for the public key. When assembling the certificate, to vouch for its integrity, the issuer digitally signs it using the issuer's own identity (private key and certificate).

Figure 1

Contents of an X.509 certificate

To evaluate a certificate, you first verify its signature using the specified algorithm and the issuer's public key, which you obtain from the issuer's publicly available certificate. A valid signature confirms that the certificate under evaluation, known as the leaf certificate, is unaltered. But in order to trust this result, you must also trust the issuer's certificate. You use a similar procedure to test this certificate, and the one that guarantees that certificate, and the next, and so on in a chain back to a trusted root authority whose certificate, known as the anchor, which you trust implicitly. The public key included in the leaf certificate is then considered trustworthy. You can be assured that it has come unaltered from the certificate's owner who controls the corresponding private key. This allows you to securely use the public key to engage in asymmetric cryptography with the certificate's owner.

https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates

X.509 certificate的更多相关文章

  1. 导入CA证书报错 keytool error: java.lang.Exception: Input not an X.509 certificate

    导入CA证书报错: keytool error: java.lang.Exception: Input not an X.509 certificate 如果你的CA证书是如下格式的: -----BE ...

  2. WCF X.509验证

    1.证书的制作 makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=ParkingServer -sky exchange -pe makecert. ...

  3. Key and Certificate Conversion

    Key and Certificate Conversion Private keys and certificates can be stored in a variety of formats, ...

  4. 使用 OpenSSL为WindowsServer远程桌面(RDP)创建自签名证书 (Self-signed SSL certificate)

    前言 笔者查阅很多资料,才写成此文章,如有错误,请读者们及时提出. 一般大家使用远程桌面(Remote Desktop)连接Windows Server时,总会有一个警告提示,如图1 图1 出现此警告 ...

  5. [转载]Parsing X.509 Certificates with OpenSSL and C

    Parsing X.509 Certificates with OpenSSL and C Zakir Durumeric | October 13, 2013 While OpenSSL has b ...

  6. 【Azure Developer】Azure Automation 自动化账号生成的时候怎么生成连接 与证书 (Connection & Certificate)

    Azure Automation :The Azure Automation service provides a highly reliable and scalable workflow exec ...

  7. 【Azure 环境】把OpenSSL生产的自签名证书导入到Azure Key Vault Certificate中报错

    问题描述 通过本地生成的自签名证书导入到Azure Key Vault Certificate报错. 错误信息 the specified PEM X.509 certificate content ...

  8. 你想要了解但是却羞于发问的有关SSL的一切

    Everything You Ever Wanted to Know About SSL (but Were Afraid to Ask) Or perhaps more accurately, &q ...

  9. PHP7函数大全(4553个函数)

    转载来自: http://www.infocool.net/kb/PHP/201607/168683.html a 函数 说明 abs 绝对值 acos 反余弦 acosh 反双曲余弦 addcsla ...

随机推荐

  1. CF586D. Phillip and Trains

    /* CF586D. Phillip and Trains http://codeforces.com/problemset/problem/586/D 搜索 */ #include<cstdi ...

  2. 利用C语言中的函数指针实现c++中的虚函数

    C语言中的函数指针 #include<stdio.h> int fun1(int a) { return a*a; } int fun2(int a) { return a*a*a; } ...

  3. bootstrap-table设置height后表头与内容无法对齐的问题

    bootstrap-table项目官网:https://github.com/wenzhixin/bootstrap-table bootstrap-table各版本下载:https://github ...

  4. HTMLParser in python

    You can know form the name that the HTMLParser is something used to parse HTML files.  In python, th ...

  5. HDU 4540

    简单得不能再简单的DP了. #include<iostream> const int inf=1<<30; using namespace std; int map[22][2 ...

  6. webservices系列(五)——javaweb整合Axis2及多service配置

    1.新建一个项目动态web项目webservice_test3. 2.打开<Tomcat安装目录>webapps/axis2/WEB-INF.将lib.conf.modules三个目录复制 ...

  7. UVA10254 - The Priest Mathematician(找规律)

    UVA10254 - The Priest Mathematician(找规律) 题目链接 题目大意:4根柱子的汉诺塔. 解题思路:题目里面有提示,先借助四个柱子移走k个,然后在借助三个柱子移走剩余的 ...

  8. 从头认识java-15.7 Map(3)-介绍HashMap的工作原理-get方法

    接着上一章节.我们来讨论一下get方法. 1.还是利用上一章节的图 下图引用自:http://www.admin10000.com/document/3322.html 我们简单说一下步骤.就是通过h ...

  9. 请求文件下载URL过长处理

    /* * PostNewWin * Author:ppchen */var PostNewWin = function(url){    var urlArr = url.split("?& ...

  10. 一句话实现Mysql查询结果带行号

    SELECT @rowno:=@rowno + 1 AS rowno,a.* FROM tableName a,(SELECT @rowno:=0) b