A digital certificate is a collection of data used to securely distribute the public half of a public/private key pair. Figure 1 shows the parts of a typical X.509 certificate that make this possible. Along with structural information, the certificate contains name and contact information for both its issuer and its owner (or subject), plus the owner's public key. A date range indicates when the certificate is valid. Certificate extensions provide additional information and conditions, like acceptable uses for the public key. When assembling the certificate, to vouch for its integrity, the issuer digitally signs it using the issuer's own identity (private key and certificate).

Figure 1

Contents of an X.509 certificate

To evaluate a certificate, you first verify its signature using the specified algorithm and the issuer's public key, which you obtain from the issuer's publicly available certificate. A valid signature confirms that the certificate under evaluation, known as the leaf certificate, is unaltered. But in order to trust this result, you must also trust the issuer's certificate. You use a similar procedure to test this certificate, and the one that guarantees that certificate, and the next, and so on in a chain back to a trusted root authority whose certificate, known as the anchor, which you trust implicitly. The public key included in the leaf certificate is then considered trustworthy. You can be assured that it has come unaltered from the certificate's owner who controls the corresponding private key. This allows you to securely use the public key to engage in asymmetric cryptography with the certificate's owner.

https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates

X.509 certificate的更多相关文章

  1. 导入CA证书报错 keytool error: java.lang.Exception: Input not an X.509 certificate

    导入CA证书报错: keytool error: java.lang.Exception: Input not an X.509 certificate 如果你的CA证书是如下格式的: -----BE ...

  2. WCF X.509验证

    1.证书的制作 makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=ParkingServer -sky exchange -pe makecert. ...

  3. Key and Certificate Conversion

    Key and Certificate Conversion Private keys and certificates can be stored in a variety of formats, ...

  4. 使用 OpenSSL为WindowsServer远程桌面(RDP)创建自签名证书 (Self-signed SSL certificate)

    前言 笔者查阅很多资料,才写成此文章,如有错误,请读者们及时提出. 一般大家使用远程桌面(Remote Desktop)连接Windows Server时,总会有一个警告提示,如图1 图1 出现此警告 ...

  5. [转载]Parsing X.509 Certificates with OpenSSL and C

    Parsing X.509 Certificates with OpenSSL and C Zakir Durumeric | October 13, 2013 While OpenSSL has b ...

  6. 【Azure Developer】Azure Automation 自动化账号生成的时候怎么生成连接 与证书 (Connection & Certificate)

    Azure Automation :The Azure Automation service provides a highly reliable and scalable workflow exec ...

  7. 【Azure 环境】把OpenSSL生产的自签名证书导入到Azure Key Vault Certificate中报错

    问题描述 通过本地生成的自签名证书导入到Azure Key Vault Certificate报错. 错误信息 the specified PEM X.509 certificate content ...

  8. 你想要了解但是却羞于发问的有关SSL的一切

    Everything You Ever Wanted to Know About SSL (but Were Afraid to Ask) Or perhaps more accurately, &q ...

  9. PHP7函数大全(4553个函数)

    转载来自: http://www.infocool.net/kb/PHP/201607/168683.html a 函数 说明 abs 绝对值 acos 反余弦 acosh 反双曲余弦 addcsla ...

随机推荐

  1. 【POJ 1981】Circle and Points(已知圆上两点求圆心坐标)

    [题目链接]:http://poj.org/problem?id=1981 [题意] 给你n个点(n<=300); 然后给你一个半径R: 让你在平面上找一个半径为R的圆; 这里R=1 使得这个圆 ...

  2. (45). Spring Boot MyBatis连接Mysql数据库【从零开始学Spring Boot】

    大家在开发的时候,会喜欢jdbcTemplate操作数据库,有喜欢JPA操作数据库的,有喜欢MyBatis操作数据库的,对于这些我个人觉得哪个使用顺手就使用哪个就好了,并没有一定要使用哪个,个人在实际 ...

  3. 高三感想+跨年感想+OI回忆录

    2017.12.29晚 高三感慨 与OI分别很久了,发现自己已经不会敲代码了…… 高三国庆前大概比较正常,只是某只人影响有点大(现在好多了)…… 感觉国庆以后状态就没好过. 先感冒两个星期,然后某个周 ...

  4. Java 学习(7):java 日期时间 & 正则表达式

    目录 --- 日期时间 --- 正则表达式 日期时间:java.util 包提供了 Date 类来封装当前的日期和时间. Date 类提供两个构造函数来实例化 Date 对象. 构造函数:用于初始化对 ...

  5. HDU 5433

    每次BC都好心酸... BFS+queue..状态可以设为p_val[x][y][k],加上斗志的值. #include <iostream> #include <cstdio> ...

  6. POJ 2960

    也算是一道模板题吧,只需按照SG函数的定义求出每个值的SG,然后异或就可以了. #include <iostream> #include <cstdio> #include & ...

  7. IntelliJ IDEA 在左右两侧出现Project、Maven Project等导航按钮

    IntelliJ IDEA 在左右两侧出现Project.Maven Project等导航按钮 选中 View > Tool Buttons 可以查看Project.Maven Project等 ...

  8. IOS 京东相关app 出现“网络请求失败,请检查您的网络设置”的解决办法

    问题情况 在IOS系统下,下载安装或者更新新版的京东相关app之后,打开app直接就是“网络请求失败,请检查网络设置”,无论是数据连接还是wifi都试了,都是网络请求失败. 然而打开无线局域网-使用无 ...

  9. tflearn mnist 使用MLP 全连接网络一般都会加dropout哇

    # -*- coding: utf-8 -*- """ Deep Neural Network for MNIST dataset classification task ...

  10. 洛谷P3047 [USACO12FEB]Nearby Cows(树形dp)

    P3047 [USACO12FEB]附近的牛Nearby Cows 题目描述 Farmer John has noticed that his cows often move between near ...