[zz]What is in a digital certificate
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.csqzas.doc/sy10600_.htm
What is in a digital certificate
Digital certificates used by WebSphere® MQ comply with the X.509standard, which specifies the information that is required and the formatfor sending it. X.509 is the Authentication framework part of the X.500 seriesof standards. X.500 is the OSI Directory Standard.
- The owner's public key
- The owner's Distinguished Name
- The Distinguished Name of the CA that is issuing the certificate
- The date from which the certificate is valid
- The expiry date of the certificate
- A version number
- A serial number
When you receive a certificate from a CA, the certificate is signed bythe issuing CA with a digital signature. You verify that signature by usinga CA certificate, from which you obtain the public key for the CA. You canuse the CA public key to validate other certificates issued by that authority.Recipients of your certificate use the CA public key to check the signature.
Digital certificates do not contain your private key. You must keep yourprivate key secret.