It's a Swiss Army knife for things like this. And use openssl x509 to dump certificates.

You are usually interested in the pairs in the chain like this:

Certificate chain
 0 s:/C=US/ST=California/L=San Carlos/O=Check Point Software Technologies Inc./OU=MIS-US/CN=
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at (c)10/CN=VeriSign Class 3 Secure Server CA - G3
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at (c)10/CN=VeriSign Class 3 Secure Server CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

Notice how the issuer at the server becomes the subject for the next higher certificate. Gutmann provides the following diagram to describe it in his book Engineering Security:

At the top, the CA root is self-signed, and the issuer and the subject are the same. If there was a level 3, it would be:

 3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

But you usually don't see it in a chain because you must trust it. And part of the requirements for the trust anchor is that you already have it, to ensure it's not tampered with.

Using Subject and Issuer names is utilizing what is called Distinguished Names. The other way to form a chain is with KEYIDs. You will sometimes see it via Subject Key Identifier (SKI) and Authority Key Identifier (AKI). The key identifiers are just thumbprints of a digested public key. You can find reading on Distinguished Names in standards like RFC 4514 and using KEYIDs in standards like RFC 4518, which concerns itself with path building.

It appears the problem is with the browser (but see below).
How to troubleshoot “Secure Connection Failed” in Firefox appearing since the version 38?