Generating digital certificates with Java, part II: dissecting digital certificates

Source: Internet
Author: User


Preface
The previous article introduced several concepts related to CA certificates, which are important for understanding digital certificates and how they work. This article analyzes the CA certificate and describes its basic composition, which you need to know in order to generate a correct, usable certificate.

Composition
Without further ado, on to the content.
Let's look at what a certificate contains. When you view a certificate (for example, a CER file) under Windows, you see a dialog with the following tabs.

The General tab mainly presents the certificate information, the issuer, and the effective date.
The Details tab contains more information, all in key-value form. The fields include: version, serial number, signature algorithm, issuer, expiration date, public key, thumbprint, and so on. These were also mentioned in the previous article. Let's take a detailed look at what these fields are for.

Details

    • Version
Obviously, this is the version number of the certificate; the certificate format differs between versions. Here, I am using version V3.
    • Serial number
The certificate's serial number. Serial numbers of certificates issued by the same certificate authority are unique.
    • Signature algorithm
The signature algorithm is the encryption algorithm used by the digital signature in this certificate; the thumbprint in the certificate can be decrypted with the public key in the root certificate.
    • Issuer (Issued by)
The certificate issuer, which identifies the company that created the certificate, that is, the CA center's certificate. Of course, if the certificate was generated by your own company, the issuer is your own company.
    • Validity period (Valid from, Valid to)
The date from which the certificate is valid and the date until which it can be used. After the validity period expires, the certificate is checked on the authentication server; once validation fails, a new certificate is generated or some other action is taken, depending on the issuing authority of the certificate.
    • Subject (Issued to)
Whom the certificate is issued to, that is, the owner of the certificate: usually the name of a person or a company, the name of an organization, the address of a company's website, and so on. Of course, for a root certificate, the subject is the issuing company itself.
    • Public key
The certificate's public key is primarily used to encrypt messages. The public key of this certificate is 2048 bits; its value, a long hexadecimal number, can be seen in the dialog box.

    • Thumbprint and thumbprint algorithm
When issuing the certificate, the issuer computes a hash of the entire certificate using the thumbprint algorithm and signs it with the issuer's private key to form the thumbprint, which is placed together with the certificate.

When you generate a certificate, you need to set the issuer, the validity period, the subject, and so on. The version, signature algorithm, and certificate public key must all be set as well; otherwise the generated certificate cannot be used properly.
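
The fields listed above can be read back in Java through the standard `java.security.cert.X509Certificate` API. The following is an added example, not code from the original article; the class name `DissectCertificate` and the use of the first root certificate in the JDK's default trust store as sample input are assumptions made so that it runs offline.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DissectCertificate {
    // Thumbprint as a certificate viewer computes it: a hash of the DER encoding.
    static String thumbprint(X509Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Sample input (assumption): first root certificate in the JDK default trust store.
    static X509Certificate firstTrustedRoot() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store (cacerts)
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] roots = ((X509TrustManager) tm).getAcceptedIssuers();
                if (roots.length > 0) return roots[0];
            }
        }
        throw new IllegalStateException("default trust store has no certificates");
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = firstTrustedRoot();
        PublicKey key = cert.getPublicKey();
        // Key length is read from the RSA modulus; other key types print the name only.
        String bits = key instanceof RSAPublicKey
                ? " " + ((RSAPublicKey) key).getModulus().bitLength() + " bits" : "";
        System.out.println("Version:             V" + cert.getVersion());
        System.out.println("Serial number:       " + cert.getSerialNumber().toString(16));
        System.out.println("Signature algorithm: " + cert.getSigAlgName());
        System.out.println("Issuer:              " + cert.getIssuerX500Principal().getName());
        System.out.println("Valid from / to:     " + cert.getNotBefore() + " / " + cert.getNotAfter());
        System.out.println("Subject:             " + cert.getSubjectX500Principal().getName());
        System.out.println("Public key:          " + key.getAlgorithm() + bits);
        System.out.println("Thumbprint (SHA-1):  " + thumbprint(cert, "SHA-1"));
        // For a root certificate the issuer and the subject are the same name.
        System.out.println("Issuer == subject:   "
                + cert.getIssuerX500Principal().equals(cert.getSubjectX500Principal()));
    }
}
```

The SHA-1 value printed here matches the thumbprint Windows shows for the same certificate, so it can be used to confirm that a generated certificate is the one you expect.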

Conclusion
This article does not cover much; it mainly walks through the composition of a certificate in some detail. The next article starts using Java's APIs and third-party components to generate a CA certificate.
