| |
How to verify/validate/trust a certificate? |
|
|
Subject: How to verify/validate/trust a certificate?
Author: X509
In response to: Certificate File Extensions
Posted on: 05/01/2007 08:00:57 PM
Simply two ways:
1) by checking the authenticity of the signature of the issuer: Use issuer's public key to hash the signature into two sets of hashes (take TSL for example, one from MD5 and one from SHA-1) and compare them. If there is a match, the signature is authentic, otherwise it's not. In order to get the issuer's public key, you most likely need another certificate which is issued to the first certificate's issuer. Then the question is back to how to verify/validate/trust the issuer's certificate. The answer is to use another certificate. You see it's a chain and eventually you are deemed to reach the top of the chain, the Certificate Authority (CA) certificate, which is self-signed certificate. How to trust a CA certificate, the answer is 2).
2) by heart: In GOD We Trust.
>
> On 05/01/2007 07:59:02 PM X509 wrote:
Common filename extensions for X.509-certificates are:
.CER - Canonical encoding rules (CER) encoded certificate
.DER - Distinguished Encoding Rules (DER) encoded certificate
.PEM - Privacy Enhanced Mail (PEM) base64 encoded certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", may contain private key(s)
.P7C - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
.P12 - PKCS#12, evolved from the PFX , may contain certificate(s) (public) and private keys (password protected)
References:
|
|
|
|
