[zz]What is in a digital certificate

http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.csqzas.doc/sy10600_.htm

 

What is in a digital certificate

 

Digital certificates used by WebSphere® MQ comply with the X.509standard, which specifies the information that is required and the formatfor sending it. X.509 is the Authentication framework part of the X.500 seriesof standards. X.500 is the OSI Directory Standard.

Digital certificates contain at least the following information about theentity being certified:
  • The owner's public key
  • The owner's Distinguished Name
  • The Distinguished Name of the CA that is issuing the certificate
  • The date from which the certificate is valid
  • The expiry date of the certificate
  • A version number
  • A serial number

When you receive a certificate from a CA, the certificate is signed bythe issuing CA with a digital signature. You verify that signature by usinga CA certificate, from which you obtain the public key for the CA. You canuse the CA public key to validate other certificates issued by that authority.Recipients of your certificate use the CA public key to check the signature.

Digital certificates do not contain your private key. You must keep yourprivate key secret.

posted @ 2010-07-11 13:33  bettermanlu  阅读(266)  评论(0编辑  收藏  举报