Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are spaces alowed in x509 Certificates?

Sometimes when users cut and past their x509 certificates into our system from the web, spaces get mixed up in in there.

Is it safe to assume that spaces are not valid characters in x509 certificates and strip them out?

like image 629
Nick Avatar asked Oct 21 '14 20:10

Nick


People also ask

How are x509 certificates validated?

As part of the X. 509 verification process, each certificate must be signed by the same issuer CA named in its certificate. The client must be able to follow a hierarchical path of certification that recursively links back to at least one root CA listed in the client's trust store.

Does x509 certificate contains private key?

An X. 509 certificate consists of two keys, namely a public key and a private key. This key pair, depending upon the application, allows you to sign documents using the private key so that the intended person can verify the signature using the public key related to it.

How big is an x509 certificate?

format) 12603 bytes.


1 Answers

I assume who are talking about PEM encoded certificate, i.e. a certificate with a -----BEGIN CERTIFICATE----- header and a -----END CERTIFICATE----- footer and which looks like that:

-----BEGIN CERTIFICATE-----
MIICwzCCAaugAwIBAgIKUXEyN2GLpe8......
-----END CERTIFICATE-----

In that case the certificate content is encoded with base64. Since a certificate is a digitally signed object you cannot change a single bit, otherwise the signature validation fails. But the space characters (including tabulations or line feed) are not valid base64 characters. If some space characters has been added to certificate string you could probably safely remove them since they are not valid characters. A robust certificate parser will probably just ignore them. Note that it is a common practice to split the PEM encoded certificate into lines of 64 columns; the certificate reader will ignore the added new-line characters.

The good news: after removing these additional characters, thanks to the digital signature, if the certificate is successfully parsed, it means that its integrity is ok.

like image 128
Jcs Avatar answered Sep 28 '22 08:09

Jcs