Cisco Secure Virtual Private Networks
4.2 Certificate Generation
4.2.4 Digital certificates
The X.509 certificate consists of
specific fields and values. The figure to the left shows an example of a
Microsoft Windows display of a certificate. The certificate has the
following values:
Certificate format version
    Currently, X.509 version 1, 2, or 3
Certificate serial number
    Unique certificate numerical identifier in the CA domain
    When a certificate is revoked, it is the certificate number that is listed on the CRL
Signature algorithm
    Identifies the CA's public key and hashing algorithm
Issuer
    Distinguished name of the CA
Validity period
    Specifies the start and expiration dates for the certificate
Subject X.500 name
    Distinguished name of the entity holding the private key
Subject public key information
    Specifies the subject's public key and hashing algorithm
Extensions
    Extends the certificate to allow additional information
    Subject alternative name
    CRL distribution points
    Additional information if configured in the CA
CA signature
    The CA performs a hash function on the certificate contents and the hash is then signed with the CA's private key to ensure authenticity (Reference: RFC 2459).
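The following Python example is added here and is not part of the original course material. It walks the DER encoding of a certificate to extract several of the fields listed above, computes the hash of the to-be-signed portion that the CA signature covers, and checks the serial number against a set of revoked serials the way a CRL lookup does. The sample certificate, its names and dates, the helper names (tlv, read, children, parse_certificate, is_revoked) and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib

def tlv(tag, body):
    """Encode one DER element (definite length, short or long form)."""
    n = len(body)
    size = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size) if size else n]) + size + body

def read(buf, pos=0):
    """Decode the element at pos; return (tag, body, raw_element, next_pos)."""
    tag, n, i = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: the low 7 bits count the length octets
        n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
    if i + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[i:i + n], buf[pos:i + n], i + n

def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, inner, raw, pos = read(body, pos)
        out.append((tag, inner, raw))
    return out

def parse_certificate(der):
    tbs, _sig_alg, sig = children(read(der)[1])  # the three top-level parts
    f = children(tbs[1])
    version = 1  # the [0] version element is omitted in v1 certificates
    if f[0][0] == 0xA0:
        version, f = children(f[0][1])[0][1][0] + 1, f[1:]
    not_before, not_after = (t[1].decode() for t in children(f[3][1]))
    return {"version": version, "serial": int.from_bytes(f[0][1], "big"),
            "not_before": not_before, "not_after": not_after,
            "tbs_sha256": hashlib.sha256(tbs[2]).hexdigest(),  # what the CA signs
            "signature": sig[1][1:]}  # drop the BIT STRING unused-bits octet

# Constructed sample, not a real certificate: key and signature are filler bytes.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x04\xd2") + ALG
          + name(b"Example CA")
          + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
          + name(b"vpn.example.test") + tlv(0x30, ALG + tlv(0x03, b"\x00" * 17)))
SAMPLE = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + b"\xab" * 32))

def is_revoked(der, revoked_serials):
    """CRL-style check: a revoked certificate is listed by its serial number."""
    return parse_certificate(der)["serial"] in revoked_serials
```

The digest is taken over the raw DER bytes of the to-be-signed portion, so any change to a field inside it (serial, validity, subject, key) produces a different hash and the CA signature no longer matches.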