Shulou(Shulou.com)06/01 Report--

A certificate is usually a small file of several kilograms, using binary or certain encoded text (such as Base64) to store public and private keys and corresponding information.

So what information does the certificate contain?

In a nutshell, there is this information:

? Version number

Certificate version

? Serial number

Certificate serial number

? Signature algorithm ID

Signature method ID

? Issuer name

Signer

? Validity period

The period of validity.

? Subject name

Subject name, usually person, organization, or Web/ application server, etc.

? Subject public key information

Subject public key information.

? Issuer unique identifier

Unique identification of the signer.

? Subject unique identifier

The theme is the only expression.

? Extensions

Extensions to store additional information, such as key usage, aliases, and so on.

? Signed hash of the certificate data

Certificate data hash HASH signature, signed with this private key for encryption, can be used as a digital signature.

Of course, the most important thing is the three elements of the certificate:

1. Issuer of trust

2. Period of validity

3. The name is the same

Otherwise, you will encounter problems with the use of certificates:

To avoid this problem, there are generally two ways to obtain a certificate:

1. Use a third party certificate.

The so-called third-party certificate is an institution that specializes in providing certificate services, charging annual certificate fees to provide certificates for users. Because the root CA of these institutions is often provided with the device or the operating system on the device, users do not need to manually configure the system to trust the certificates they issue.

It is very convenient for end-users, especially those who use mobile devices to import certificates, but there is an annual fee.

2. Use self-built CA to issue certificates.

There are many free CA systems available, such as AD CS (AD Certificate Service) that comes with Windows Server. You can use AD or manually import CA's certificate as a trusted certification authority, thus resolving the problem that the authentication authority is not trusted.

For end users, it may be technically difficult to import CA certificates. The advantage is that there is no need to pay the certificate fee.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.