sample X.509 certificates?

sample X.509 certificates?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
sample X.509 certificates? yawnmoth 02-20-2007
Posted by yawnmoth on February 20, 2007, 9:38 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I'd like to see how the X.509 certificate of a certificate authority
looks like. They're built into browsers, but I'd like to see the DER-
encoded version.

Also, according to what I've read about SSL/TLS, the client and the
server each send their own X.509 certificate. How might I go about
getting the latter? The client's (for example, FireFox's) X.509
certificate? I tried using WireShark to capture the packets as they
were being sent out but didn't see the certificates there...


Posted by Doug McIntyre on February 21, 2007, 12:44 am
If you were  Registered and logged in, you could reply and use other advanced thread options
>I'd like to see how the X.509 certificate of a certificate authority
>looks like. They're built into browsers, but I'd like to see the DER-
>encoded version.

Look for the CAcertbundle from the Mozilla project. Won't look much
different than you'd see for any other cert.

>Also, according to what I've read about SSL/TLS, the client and the
>server each send their own X.509 certificate. How might I go about
>getting the latter? The client's (for example, FireFox's) X.509
>certificate? I tried using WireShark to capture the packets as they
>were being sent out but didn't see the certificates there...

Client X.509 certificates are very rare.

You should see the server X.509 certificate going over the wire during
conversation though. ie. use 'openssl s_client' command line command
and it'll dump it out for you as it talks.


Posted by Ertugrul Soeylemez on February 21, 2007, 7:08 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> I'd like to see how the X.509 certificate of a certificate authority
> looks like. They're built into browsers, but I'd like to see the DER-
> encoded version.

A CA certificate is basically a normal self-signed certificate. Nothing
more, nothing less. The encoding doesn't change much about the
contents.


> Also, according to what I've read about SSL/TLS, the client and the
> server each send their own X.509 certificate. How might I go about
> getting the latter? The client's (for example, FireFox's) X.509
> certificate?

Just generate it. You need to have it signed by somebody, either by
yourself (resulting in a self-signed certificate), by a friend (if Bob
knows them) or by a CA.


Regards,
E.S.

Posted by Bruce Stephens on February 21, 2007, 2:25 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

> I'd like to see how the X.509 certificate of a certificate authority
> looks like. They're built into browsers, but I'd like to see the DER-
> encoded version.

The ca-certificates package from Debian contains many in PEM format.
<http://packages.debian.org/unstable/misc/ca-certificates>. You can
convert using OpenSSL: openssl x509 -in <pem-file> -outform DER -out <der-file>.

PKITS provides a source of test certs and CRLs:
<http://csrc.nist.gov/pki/testing/x509paths.html>.

> Also, according to what I've read about SSL/TLS, the client and the
> server each send their own X.509 certificate.

That's relatively rare.

Similar ThreadsPosted
Sample virus or bit pattern to verify anti-virus software is working? December 1, 2004, 12:47 pm
X.509 Digital Certificates March 7, 2005, 8:56 pm
Chaining x.509 certificates April 27, 2005, 3:46 pm
Chaining x.509 certificates April 27, 2005, 3:48 pm
What are the differences between the certificates *.pfx *.p12 *.cer *.crt *.spc *.p7b ?? July 19, 2005, 2:02 pm
Wildcard SSL Certificates July 27, 2005, 10:30 am
Certificates Question March 27, 2007, 2:50 am
Value of SSL client certificates? October 19, 2007, 10:18 am
How to generate SSL certificates - a little howto March 22, 2005, 8:34 pm
Repository for digital certificates June 3, 2005, 1:50 pm

The site map in XML format XML site map

Contact Us | Privacy Policy