Menu
According to the X.509, a certificate has an attribute subject.
C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/[email protected]
This is the typical subject value. The question is what are the types(or tags) of those attributes(C, ST, L, O, OU, CN) and what is their format?
333
An X. 509 certificate is a digital certificate that uses the widely accepted international X. 509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
An X. 509 certificate consists of a number of fields. The Subject field is the one of most relevance to this tutorial. It gives the DName of the client to which the certificate belongs. A DName is a unique name given to an X.
Open cmd prompt, change directory to desktop & type command- openssl. It is a process of creating a simple x509 certificate that will be used for digital signatures. Press enter and fill in all the required information like the password for creating keys & a few personal information.
IETF PKIX (latest version RFC 5280) is a well accepted profile for certificates. From section 4.1.2.4, the following fields must be supported (I've added between parenthesis is the OpenSSL long and optional short name):
There's also a list of element that should be supported:
Values should be encoded in UTF8String or PrintableString (some of them only in PrintableString, and some exceptions in IA5String). The standard also has a maximum length for all field types (Appendix A.1)
For reasons of compatibility, implementations must also support domain components (domainComponent, DC) encoded in IA5String. Attention is drawn to email (emailAddress) and its encoding (IA5String, but it's considered deprecated in DNs (it should be in Subject Alternative Name extension).
145
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
