A digital certificate is a collection of data used to securely distribute the public half of a public/private key pair. Figure 1 shows the parts of a typical X.509 certificate that make this possible. Along with structural information, the certificate contains name and contact information for both its issuer and its owner (or subject), plus the owner's public key. A date range indicates when the certificate is valid. Certificate extensions provide additional information and conditions, like acceptable uses for the public key. When assembling the certificate, to vouch for its integrity, the issuer digitally signs it using the issuer's own identity (private key and certificate).

Figure 1

Contents of an X.509 certificate

To evaluate a certificate, you first verify its signature using the specified algorithm and the issuer's public key, which you obtain from the issuer's publicly available certificate. A valid signature confirms that the certificate under evaluation, known as the leaf certificate, is unaltered. But in order to trust this result, you must also trust the issuer's certificate. You use a similar procedure to test this certificate, and the one that guarantees that certificate, and the next, and so on in a chain back to a trusted root authority whose certificate, known as the anchor, which you trust implicitly. The public key included in the leaf certificate is then considered trustworthy. You can be assured that it has come unaltered from the certificate's owner who controls the corresponding private key. This allows you to securely use the public key to engage in asymmetric cryptography with the certificate's owner.

https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates

X.509 certificate的更多相关文章

  1. 导入CA证书报错 keytool error: java.lang.Exception: Input not an X.509 certificate

    导入CA证书报错: keytool error: java.lang.Exception: Input not an X.509 certificate 如果你的CA证书是如下格式的: -----BE ...

  2. WCF X.509验证

    1.证书的制作 makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=ParkingServer -sky exchange -pe makecert. ...

  3. Key and Certificate Conversion

    Key and Certificate Conversion Private keys and certificates can be stored in a variety of formats, ...

  4. 使用 OpenSSL为WindowsServer远程桌面(RDP)创建自签名证书 (Self-signed SSL certificate)

    前言 笔者查阅很多资料,才写成此文章,如有错误,请读者们及时提出. 一般大家使用远程桌面(Remote Desktop)连接Windows Server时,总会有一个警告提示,如图1 图1 出现此警告 ...

  5. [转载]Parsing X.509 Certificates with OpenSSL and C

    Parsing X.509 Certificates with OpenSSL and C Zakir Durumeric | October 13, 2013 While OpenSSL has b ...

  6. 【Azure Developer】Azure Automation 自动化账号生成的时候怎么生成连接 与证书 (Connection & Certificate)

    Azure Automation :The Azure Automation service provides a highly reliable and scalable workflow exec ...

  7. 【Azure 环境】把OpenSSL生产的自签名证书导入到Azure Key Vault Certificate中报错

    问题描述 通过本地生成的自签名证书导入到Azure Key Vault Certificate报错. 错误信息 the specified PEM X.509 certificate content ...

  8. 你想要了解但是却羞于发问的有关SSL的一切

    Everything You Ever Wanted to Know About SSL (but Were Afraid to Ask) Or perhaps more accurately, &q ...

  9. PHP7函数大全(4553个函数)

    转载来自: http://www.infocool.net/kb/PHP/201607/168683.html a 函数 说明 abs 绝对值 acos 反余弦 acosh 反双曲余弦 addcsla ...

随机推荐

  1. 1、ceph-deploy之部署ceph集群

    环境说明 server:3台虚拟机,挂载卷/dev/vdb 10G 系统:centos7.2 ceph版本:luminous repo: 公网-http://download.ceph.com,htt ...

  2. Servlet的HttpServletResponse输出

    了解其中的一些字符设置,PrintWriter输出等.. form.html: <!DOCTYPE html> <html> <head> <title> ...

  3. hdu_1008_Elevator_201308191629

    ElevatorTime Limit: 2000/1000 MS (Java/Others)    Memory Limit: 65536/32768 K (Java/Others)Total Sub ...

  4. [bzoj2060][Usaco2010 Nov]Visiting Cows 拜访奶牛_树形dp

    Visiting Cows 拜访奶牛 bzoj-2060 Usaco-2010 Nov 题目大意:题目链接. 注释:略. 想法:看起来像支配集. 只是看起来像而已. 状态:dp[pos][flag]表 ...

  5. [bzoj4530][Bjoi2014]大融合_LCT

    大融合 bzoj-4530 Bjoi-2014 题目大意:n个点,m个操作,支持:两点连边:查询两点负载:负载.边(x,y)的负载就是将(x,y)这条边断掉后能和x联通的点的数量乘以能和y联通的点的数 ...

  6. MRO 方法解释顺序

    MRO是用在多重继承中的.考虑这种情况,整个环境中父类是两个 P1,P2 子类是两个 C1,C2 而 孙子类是G1. 我们知道 G1会从 P1,P2,C1,C2中继承属性,但是如果有多个属性重名,那么 ...

  7. 源代码管理之Git命令的使用

    目录 02.源代码管理之Git命令的使用 2.Git命令行演练-个人开发 2.1 如何学习git指令 2.2 初始化创建本地仓库 2.3 个人开发基本演练 2.4 Git的基本常识 3.Git命令行演 ...

  8. selenium清空默认文字

    默认输入框 鼠标点击上去还有文案 直接用 clear不可以

  9. jabberNet 修改花名册条目的昵称

    修改昵称,这么简单的功能,在jabberNet里怎么实现? 翻遍了jabberNet里的代码,jabber.client.RosterManager也,JabberClient也,似乎都没有现成的方法 ...

  10. 使用SetTimer函数为Delphi的Win控件设置时钟

    procedure Timertodo(var messag:Tmessage);message WM_TIMER; procedure TForm1.FormCreate(Sender: TObje ...