Preface
The previous article introduced several concepts related to CA certificates that are important for understanding digital certificates and how they work. This article dissects a CA certificate and describes its basic composition, which you need to know in order to generate a correct, usable certificate.
Composition
Without further ado, on to the content.
Let's look at what a certificate is. When you view a certificate under Windows (for example, a .cer file), the interface looks like this.
The General tab mainly shows the certificate information, the issuer, and the effective date.
The Details tab contains more information, all of it in key-value form. The fields include version, serial number, signature algorithm, issuer, validity period, public key, thumbprint, and so on, which were also mentioned in the previous article. Let's take a detailed look at what these fields are for.
Details
- Version (Version)
This is the version number of the certificate; different versions have different certificate formats. Here, I'm using a V3 certificate.
- Serial number (Serial number)
The certificate's serial number. Serial numbers of certificates issued by the same certificate authority are unique.
- Signature algorithm (Signature algorithm)
The signature algorithm is the encryption algorithm used by the digital signature in this digital certificate. The thumbprint in the certificate can be decrypted with the public key in the root certificate.
- Issuer (Issuer)
The certificate's publisher. It identifies which organization created the certificate, that is, the CA center. Of course, if the certificate was generated by your own company, then the issuer is your own company.
- Validity period (Valid from to)
The date from which the certificate is valid and the date on which it expires. Once the validity period has passed, verification of the certificate on the authentication server fails, after which a new certificate is generated or some other action is taken. Which one depends on the certificate's issuing authority.
- Subject (Subject)
Who the certificate is issued to, that is, the owner of the certificate: usually a person's or a company's name, the name of an organization, the address of the company's website, and so on. Of course, for a root certificate the subject is the issuing company itself.
- Public key (Public key)
The certificate's public key is primarily used to encrypt messages. The public key of this certificate is 2048 bits, and its value, a long hexadecimal number, can be seen in the dialog box.
- Thumbprint and thumbprint algorithm (Thumbprint, Thumbprint algorithm)
When issuing the certificate, the publisher calculates the hash value of the entire certificate with the thumbprint algorithm and signs it with the certificate publisher's private key to form the thumbprint, which is placed together with the certificate.
When you generate a certificate, you need to set the issuer, the validity period, the subject, and so on. The version, signature algorithm, and certificate public key must all be set as well; otherwise the generated certificate cannot be used properly.
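The fields described above can also be read programmatically. The following is an added example, not code from the original article: it uses the JDK's standard `X509Certificate` API to print each field for one root certificate taken from the JDK's default trust store, which is assumed here as sample input; the class name `DissectCertificate` is hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DissectCertificate {
    public static void main(String[] args) throws Exception {
        // Assumption: use a root certificate from the JDK's bundled trust store as sample input.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store (cacerts)
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            X509Certificate[] roots = ((X509TrustManager) tm).getAcceptedIssuers();
            if (roots.length > 0) { dissect(roots[0]); return; }
        }
        System.out.println("No X.509 certificate found in the default trust store");
    }

    static void dissect(X509Certificate cert) throws Exception {
        System.out.println("Version:             V" + cert.getVersion());
        System.out.println("Serial number:       " + cert.getSerialNumber().toString(16));
        System.out.println("Signature algorithm: " + cert.getSigAlgName());
        System.out.println("Issuer:              " + cert.getIssuerX500Principal().getName());
        System.out.println("Valid from / to:     " + cert.getNotBefore() + " / " + cert.getNotAfter());
        System.out.println("Subject:             " + cert.getSubjectX500Principal().getName());
        String key = cert.getPublicKey().getAlgorithm();
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            key += " (" + ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() + " bits)";
        }
        System.out.println("Public key:          " + key);
        // Thumbprint as displayed by the Windows viewer: SHA-1 over the encoded certificate.
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-1").digest(cert.getEncoded())) {
            hex.append(String.format("%02x", b));
        }
        System.out.println("Thumbprint (SHA-1):  " + hex);
        // A root certificate names itself as issuer and verifies under its own public key.
        boolean selfIssued = cert.getIssuerX500Principal().equals(cert.getSubjectX500Principal());
        boolean signatureOk;
        try { cert.verify(cert.getPublicKey()); signatureOk = true; }
        catch (GeneralSecurityException e) { signatureOk = false; }
        System.out.println("Issuer == subject:   " + selfIssued + ", self-signature valid: " + signatureOk);
    }
}
```

For a root certificate the issuer and subject lines are identical, which matches the description of the subject field above.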
Conclusion
This article is not long; it mainly walks through the composition of a certificate in some detail. The next article starts using Java's APIs and third-party components to generate CA certificates.
Java digital certificate generation series (II): dissecting digital certificates