RE: X.509 All in One

From: Tareq Muhammad (TareqMuhammad_at_discussions.microsoft.com)
Date: 12/11/04 

Date: Sat, 11 Dec 2004 11:03:03 -0800

That is great Jef, Now, I want to create my own certificate using makecert.exe
I want to create the .pfx file and .Cer exactly like what happend with the
WSE Samples,

I found 3 files, one .cer and 2 .pfx files,

Last question, why didn't the offer .cer file for the client too, the .cer
which included just contains the public key for the server, which will be
used be the client to encrypt message, but in the response from the server,
server should encrypt with the client public key. so we should expect that
there is a .cer file.

again about verisign, how do U sperate the public key from the certificate?
and which cerficate format they will give me and what is the recommend one ?

"jef" wrote:

> Hi Tareq,
>
> That is a tall order. I hope I can get you closer to the answers you need,
> but no promises!
>
> Pronunciation: "Ecks five oh nine"
>
> X.509 is a collection of recommendations for standardizing public key
> infrastructure. See http://en.wikipedia.org/wiki/X.509 for an overview and
> links to the working group, where you can find and read all the relevant RFCs
> (a monumental task).
>
> There are a number of ways to get a certificate, and which to choose depends
> on how you want to use it. You can purchase certificates from, e.g.
> http://verisign.com/products-services/security-services/ssl/index.html that
> you can use in a web server. The certificate identifies the web server and
> provides a means of encrypting and signing, in the case of SSL/TLS, a
> symmetric key that is subsequently used to encrypt the data passed across the
> connection. You can also get personal certificates that you could use to
> digitally sign/verify or encrypt/decrypt, e.g. email messages or soap
> messages. If you are just wanting to get familiar with the technology, I
> would highly recommend that you use a product like OpenSSL
> (http://www.openssl.org) instead of purchasing a certificate. Microsoft also
> has tools that you can use to issue your own certificates if you have or
> don't mind purchasing the necessary software. Check out:
>
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/sec_auth_certobtainsrv.asp
>
> .cer and .pfx are the file extensions of two different formats for
> certificate files.
> PFX is a PKCS#12 format. See
> http://www.rsasecurity.com/rsalabs/node.asp?id=2138 for the specification.
> .cer is a different format. CER stands for "Canonical Encoding Rules,"
> though by a nice twist of fate (in my experience), the contents of a .CER
> file are typically encoded using DER, the Distinquished Encoding Rules.
>
> PFX/PKCS#12 files store both the public and private key, where .CER only
> stores the public key.
>
> When a certificate is issued, it is typically in PKCS#12 format, so .pfx.
>
> The usage is general encryption/decryption and signature/verification,
> though it is typically used for SSL on web servers. It is rarely if ever used
> to sign code in my experience.
>
> Good luck, and I hope that helps.
> Jef Newsom
> http://integralpath.blogs.com
>
> "Tareq Muhammad" wrote:
>
> > X.509 All in One
> >
> > Hi All,
> >
> > I want to konw everything about X.509
> >
> > Here is My Questions:
> >
> > 1. How to Pronouncate X.509?
> > 2. What is X.509?
> > 3. How to get X.509 Cert with detailed steps?
> > 4. What is .Cer and PFX? how to get each one of them?
> > 5. When I issue a X.509 does the issuer give me the .cer or PFx ?
> > 5. What is X.509 Usage, secure web services only? or it can be used to sign
> > my code?
> >
> >

Relevant Pages

  • RE: X.509 All in One
    ... It looks like they don't export the public key for the client because it ... You can easily export the public key using either internet explorer or the ... Select the certificate you want to export, ... >> you can use in a web server. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Issues with SSL on Win CE 5.0
    ... When you say "this worked on a similar platform perfectly well", ... the with .pfx certificate or just with the .cer? ... server certificate you're trying to add is present under ... import the .pfx so that there is no effect of the previous changes. ...
    (microsoft.public.windowsce.embedded)
  • RE: X.509 All in One
    ... There are a number of ways to get a certificate, ... provides a means of encrypting and signing, in the case of SSL/TLS, a ... .cer is a different format. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: WinXP Pro Recovery Agent Backup
    ... The .cer has only the certificate and the .pfx has both the ... You need to put the .pfx somewhere safe. ... Anyone with that private key will be able to decrypt everyone else's files ... After you install the .cer in the recovery policy, ...
    (microsoft.public.windowsxp.security_admin)
  • Inventory Protection and PKI certificate
    ... My advanced clients are configured to sign and encrypt data before sending to ... All was working fine until I recently obtained a new PKI certificate ... for web server authentication for the Site server, ... public key that does not match the key published in the database. ...
    (microsoft.public.sms.inventory)