A digital certificate is a collection of data used to securely distribute the public half of a public/private key pair. Figure 1 shows the parts of a typical X.509 certificate that make this possible. Along with structural information, the certificate contains name and contact information for both its issuer and its owner (or subject), plus the owner's public key. A date range indicates when the certificate is valid. Certificate extensions provide additional information and conditions, like acceptable uses for the public key. When assembling the certificate, to vouch for its integrity, the issuer digitally signs it using the issuer's own identity (private key and certificate).

Figure 1

Contents of an X.509 certificate

To evaluate a certificate, you first verify its signature using the specified algorithm and the issuer's public key, which you obtain from the issuer's publicly available certificate. A valid signature confirms that the certificate under evaluation, known as the leaf certificate, is unaltered. But in order to trust this result, you must also trust the issuer's certificate. You use a similar procedure to test this certificate, and the one that guarantees that certificate, and the next, and so on in a chain back to a trusted root authority whose certificate, known as the anchor, which you trust implicitly. The public key included in the leaf certificate is then considered trustworthy. You can be assured that it has come unaltered from the certificate's owner who controls the corresponding private key. This allows you to securely use the public key to engage in asymmetric cryptography with the certificate's owner.

https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates

X.509 certificate的更多相关文章

  1. 导入CA证书报错 keytool error: java.lang.Exception: Input not an X.509 certificate

    导入CA证书报错: keytool error: java.lang.Exception: Input not an X.509 certificate 如果你的CA证书是如下格式的: -----BE ...

  2. WCF X.509验证

    1.证书的制作 makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=ParkingServer -sky exchange -pe makecert. ...

  3. Key and Certificate Conversion

    Key and Certificate Conversion Private keys and certificates can be stored in a variety of formats, ...

  4. 使用 OpenSSL为WindowsServer远程桌面(RDP)创建自签名证书 (Self-signed SSL certificate)

    前言 笔者查阅很多资料,才写成此文章,如有错误,请读者们及时提出. 一般大家使用远程桌面(Remote Desktop)连接Windows Server时,总会有一个警告提示,如图1 图1 出现此警告 ...

  5. [转载]Parsing X.509 Certificates with OpenSSL and C

    Parsing X.509 Certificates with OpenSSL and C Zakir Durumeric | October 13, 2013 While OpenSSL has b ...

  6. 【Azure Developer】Azure Automation 自动化账号生成的时候怎么生成连接 与证书 (Connection & Certificate)

    Azure Automation :The Azure Automation service provides a highly reliable and scalable workflow exec ...

  7. 【Azure 环境】把OpenSSL生产的自签名证书导入到Azure Key Vault Certificate中报错

    问题描述 通过本地生成的自签名证书导入到Azure Key Vault Certificate报错. 错误信息 the specified PEM X.509 certificate content ...

  8. 你想要了解但是却羞于发问的有关SSL的一切

    Everything You Ever Wanted to Know About SSL (but Were Afraid to Ask) Or perhaps more accurately, &q ...

  9. PHP7函数大全(4553个函数)

    转载来自: http://www.infocool.net/kb/PHP/201607/168683.html a 函数 说明 abs 绝对值 acos 反余弦 acosh 反双曲余弦 addcsla ...

随机推荐

  1. 清北学堂模拟赛d5t5 exLCS

    分析:比较巧妙的一道题.经典的LCS算法复杂度是O(nm)的,理论上没有比这个复杂度更低的算法,除非题目有一些限制.这道题中两个字符串的长度不一样,f[i][j]如果表示第一个串前i个,第二个串前j个 ...

  2. fzu 2122

    #include<stdio.h> #include<string.h> #define N 51000 char s1[200],s2[200],s[N]; int main ...

  3. CI笔记

    1.控制器 实现自己的控制器MY_Controller是在./application/core/MY_Controller.php中. 2.类库 添加自己的类是放在./application./lib ...

  4. Bran的内核开发指南_中文版

    http://www.cnblogs.com/liloke/archive/2011/12/21/2296004.html 最近在看<orange’s>一书,有点想自己写一个轻量级OS的想 ...

  5. no_merge hint

    This is tested in 10gR2. SQL> select * from v$version; BANNER ----------------------------------- ...

  6. MVC.Net5:添加Tinymce的图片上传功能

    Tinymce是目前几个主流的Web文本编辑器之一,不过它的图片上传功能是要收费的,而其它几个免费的上传图片的插件支持的都是PHP.那么就只能自己动手写一个了(源代码下载). 准备工作如下:1.   ...

  7. HDOJ 5417 Victor and Machine 水

    Victor and Machine Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 131072/65536 K (Java/Othe ...

  8. UIView 的图层关系

    个人认为用字母取代这样的比較好理解,.给新人学习 addSubview是一层一层往上加,新加的仅仅能放到父视图的最上层, insertSubView能够控制它加入到父视图的哪一层  A addSubv ...

  9. ICM Technex 2017 and Codeforces Round #400 (Div. 1 + Div. 2, combined) C. Molly's Chemicals

    感觉自己做有关区间的题目方面的思维异常的差...有时简单题都搞半天还完全没思路,,然后别人提示下立马就明白了...=_= 题意:给一个含有n个元素的数组和k,问存在多少个区间的和值为k的次方数. 题解 ...

  10. IOS的一个关于球碰撞的小游戏

    这个游戏是关于一个球随机在屏幕上移动,能够用手指来操纵令一个球,假设两个球碰撞到一起,就表示输了,很easy的一个游戏 在StoryBoard里定义两个UIImageView和一个startbutto ...