A self-signed certificate will have identical subject and issuer fields, but a) this is not guaranteed, and b) the inverse is not true. Just because the fields have the same value does not mean the certificate is self-signed.

Here are the outputs from one of our internal root (root-ca.crt) and intermediate certificates (ca.crt):

```
$ openssl x509 -subject -issuer -noout -in root-ca.crt
subject= /C=DE/ST=Berlin/L=Berlin/O=classmarkets GmbH/CN=classmarkets CA
issuer= /C=DE/ST=Berlin/L=Berlin/O=classmarkets GmbH/CN=classmarkets CA

$ openssl x509 -subject -issuer -noout -in ca.crt
subject= /CN=classmarkets CA/C=DE/L=Berlin/O=classmarkets GmbH/ST=Berlin
```

You can see that the fields are the same for both certificates, even though ca.crt has been signed by root-ca.crt:

```
$ openssl x509 -noout -text -in ca.crt | grep -A1 'Key Identifier'
```

Note the absence of the Authority Key Identifier in root-ca.crt.

RFC3280 states in section 4.2.1.1 (emphasis mine):

> The keyIdentifier field of the authorityKeyIdentifier extension MUST be included in all certificates generated by conforming CAs to facilitate certification path construction. Where a CA distributes its public key in the form of a "self-signed" certificate, the authority key identifier MAY be omitted. The signature on a self-signed certificate is generated with the private key associated with the certificate's subject public key. (This proves that the issuer possesses both the public and private keys.) In this case, the subject and authority key identifiers would be
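The distinction drawn above, between matching subject/issuer names and a signature made with the certificate's own key, can be checked directly with openssl. This is an added example, not part of the original post; the DN, the file names and the function names are constructed for illustration.

```shell
# Returns 0 only if the certificate's signature verifies under its OWN public key.
is_self_signed() {
    # -CAfile "$1" trusts the certificate itself; -check_ss_sig makes OpenSSL
    # verify the signature on a certificate it would otherwise accept as a root.
    openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

# Returns 0 if the subject and issuer DNs are identical (the weaker name test).
same_subject_issuer() {
    [ "$(openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | sed 's/^subject= *//')" = \
      "$(openssl x509 -noout -issuer -nameopt RFC2253 -in "$1" | sed 's/^issuer= *//')" ]
}

# Build a throwaway root and an intermediate that share one DN (constructed data),
# mirroring the root-ca.crt / ca.crt situation described in the text.
make_demo_certs() {
    dir=$1; dn='/C=DE/O=Example GmbH/CN=Example CA'
    openssl req -x509 -newkey rsa:2048 -nodes -subj "$dn" -days 1 \
        -keyout "$dir/root-ca.key" -out "$dir/root-ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "$dn" \
        -keyout "$dir/ca.key" -out "$dir/ca.csr" 2>/dev/null
    openssl x509 -req -in "$dir/ca.csr" -CA "$dir/root-ca.crt" \
        -CAkey "$dir/root-ca.key" -CAcreateserial -days 1 \
        -out "$dir/ca.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_demo_certs "$tmp"
for c in root-ca.crt ca.crt; do
    same_subject_issuer "$tmp/$c" && names=yes || names=no
    is_self_signed "$tmp/$c" && sig=yes || sig=no
    echo "$c: subject == issuer: $names, self-signed: $sig"
done
```

Any other verification failure, such as an expired certificate, also makes `is_self_signed` return non-zero, so treat a negative result as "not proven self-signed" rather than as proof of a separate issuer.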