A certificate (Certificate, also known as Public-key Certificate) is a digital credential that can be used as an intermediary for a trust relationship by digitally signing certain content, such as a public key, with some sort of signature algorithm. The certificate issuer informs the certificate consumer or entity of its public key (Public-key) and some other ancillary information by issuing a certificate. Certificates are widely used in e-commerce security transactions, and certificate issuers are also known as CAS (Certificate authority).
Issuance and application of certificatesThe role of certificates in public key cryptography is to ensure that public keys are published in certain trusted institutions, which have important applications in protocol SSL and electronic Transaction protocol set.
Figure 1 shows one of the simplest ways to apply a certificate:
The application steps for the certificate are:
(1) A to send its own public key pka to the CA (Certificate authority);
(2) The CA generates a certificate with its own private key and A's public key, including the digital signature of the CA in the certificate. The Signature object includes the content that needs to be stated in the certificate, such as the public key of a, timestamp, serial number, etc., in order to simplify the assumption that there are only three items in the certificate: A's public key pka, timestamp TIME1, and serial number IDA. Then CA sent to a simple certificate credentials can be expressed as: Certa=eca[time1,ida,pka];
(3) B also send its own public key PKB to the CA;
(4) B Obtain the certificate issued by CA CERTB;
(5) A inform B certificate Certa;
(6) B inform a certificate CERTB.
A, b each obtains each other's certificate, uses the public key obtained from the CA (in the CA's self-visa book) to verify each other's certificate is valid, if valid, then obtains each other's public key. Using the other's public key, you can encrypt the data, or can be used to verify the other's digital signature.
In order to facilitate the explanation, and do not use the certificate obtained from the CA, but the two sides of the communication generated from the visa book, that is, figure 1, A and B are not through the CA, but only if A and B have each other's certificate.
The content and meaning of the certificate| Certificate Core Items | meaning |
|---|---|
| Version | Tell me which version of the certificate is the V1, V2, v3 |
| Serial number | Set the serial number of the certificate by the certificate distribution authority |
| Signature algorithm Identifier | What signature algorithms are used for certificates |
| Issuer Name | The name of the certificate issuer, which is the name of the institution that signed the certificate |
| Validity Period | Certificate Valid time range |
| Subject Name | The name of the public key owner or entity signed by the certificate issuer, using the X.500 protocol, is unique on the Internet. For example: Cn=java,ou=infosec,o=infosec LAB,C=CN represents a subject name. |
"Java" Java and digital certificates
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
