RE: X.509 All in One
From: jef (jef_at_discussions.microsoft.com)
Date: 12/11/04
- Previous message: Tareq Muhammad: "X.509 All in One"
- In reply to: Tareq Muhammad: "X.509 All in One"
- Next in thread: Tareq Muhammad: "RE: X.509 All in One"
- Reply: Tareq Muhammad: "RE: X.509 All in One"
- Reply: jef: "RE: X.509 All in One"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 11 Dec 2004 08:35:03 -0800
Hi Tareq,

That is a tall order. I hope I can get you closer to the answers you need,
but no promises!

Pronunciation: "Ecks five oh nine"

X.509 is a collection of recommendations for standardizing public key
infrastructure. See http://en.wikipedia.org/wiki/X.509 for an overview and
links to the working group, where you can find and read all the relevant RFCs
(a monumental task).

There are a number of ways to get a certificate, and which to choose depends
on how you want to use it. You can purchase certificates from, e.g.
http://verisign.com/products-services/security-services/ssl/index.html that
you can use in a web server. The certificate identifies the web server and
provides a means of encrypting and signing, in the case of SSL/TLS, a
symmetric key that is subsequently used to encrypt the data passed across the
connection. You can also get personal certificates that you could use to
digitally sign/verify or encrypt/decrypt, e.g. email messages or SOAP
messages. If you are just wanting to get familiar with the technology, I
would highly recommend that you use a product like OpenSSL
(http://www.openssl.org) instead of purchasing a certificate. Microsoft also
has tools that you can use to issue your own certificates if you have or
don't mind purchasing the necessary software. Check out:

.cer and .pfx are the file extensions of two different formats for
certificate files.

PFX is a PKCS#12 format. See
http://www.rsasecurity.com/rsalabs/node.asp?id=2138 for the specification.

.cer is a different format. CER stands for "Canonical Encoding Rules,"
though by a nice twist of fate (in my experience), the contents of a .CER
file are typically encoded using DER, the Distinguished Encoding Rules.

PFX/PKCS#12 files store both the public and private key, where .CER only
stores the public key.

When a certificate is issued, it is typically in PKCS#12 format, so .pfx.

The usage is general encryption/decryption and signature/verification,
though it is typically used for SSL on web servers. It is rarely if ever used
to sign code in my experience.

Good luck, and I hope that helps.

Jef Newsom
http://integralpath.blogs.com

"Tareq Muhammad" wrote:
> X.509 All in One
>
> Hi All,
>
> I want to know everything about X.509
>
> Here is My Questions:
>
> 1. How to Pronounce X.509?
> 2. What is X.509?
> 3. How to get X.509 Cert with detailed steps?
> 4. What is .Cer and PFX? how to get each one of them?
> 5. When I issue a X.509 does the issuer give me the .cer or PFx ?
> 5. What is X.509 Usage, secure web services only? or it can be used to sign
> my code?
>
>
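
The following is an added example, not code from the original message: it tells a DER- or PEM-encoded X.509 certificate apart from a PKCS#12 (PFX) container by the top-level ASN.1 structure instead of trusting the file extension. The function names and the two sample byte strings are constructed for illustration; the samples are structural skeletons, not real certificates.

```python
import base64
import re

SEQUENCE, INTEGER, BIT_STRING = 0x30, 0x02, 0x03
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):   # n == 0 is indefinite length, not DER
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def classify(data):
    """Return 'x509-certificate', 'pkcs12-pfx' or 'unknown' for raw file contents."""
    try:
        m = PEM_CERT.search(data)
        if m:                              # PEM is base64 text wrapped around the same DER
            data = base64.b64decode(m.group(1))
        tag, body, _ = read_tlv(data)
        kids = children(body) if tag == SEQUENCE else []
    except ValueError:                     # also covers base64 decoding errors
        return "unknown"
    tags = [t for t, _ in kids]
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    if tags == [SEQUENCE, SEQUENCE, BIT_STRING]:
        return "x509-certificate"
    # PFX ::= SEQUENCE { version INTEGER (3), authSafe ContentInfo, macData OPTIONAL }
    if len(kids) >= 2 and kids[0] == (INTEGER, b"\x03") and tags[1] == SEQUENCE:
        return "pkcs12-pfx"
    return "unknown"

def der(tag, content=b""):
    """Encode a sample element; short-form length only (content under 128 bytes)."""
    return bytes([tag, len(content)]) + content

# Constructed skeletons with the right outer shape only.
CERT_SKELETON = der(SEQUENCE, der(SEQUENCE, b"\x02\x01\x01") + der(SEQUENCE) + der(BIT_STRING, b"\x00"))
PFX_SKELETON = der(SEQUENCE, der(INTEGER, b"\x03") + der(SEQUENCE) + der(SEQUENCE))
```

On a real file, pass the bytes read in binary mode, for example `classify(open(path, "rb").read())`.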