#1: sample X.509 certificates?

Posted on 2007-02-21 03:38:50 by yawnmoth

I'd like to see what the X.509 certificate of a certificate authority
looks like. They're built into browsers, but I'd like to see the DER-
encoded version.

Also, according to what I've read about SSL/TLS, the client and the
server each send their own X.509 certificate. How might I go about
getting the latter? The client's (for example, Firefox's) X.509
certificate? I tried using Wireshark to capture the packets as they
were being sent out but didn't see the certificates there...


#2: Re: sample X.509 certificates?

Posted on 2007-02-21 06:44:37 by Doug McIntyre

"yawnmoth" <terra1024@yahoo.com> writes:
>I'd like to see what the X.509 certificate of a certificate authority
>looks like. They're built into browsers, but I'd like to see the DER-
>encoded version.

Look for the CAcertbundle from the Mozilla project. Won't look much
different than you'd see for any other cert.

>Also, according to what I've read about SSL/TLS, the client and the
>server each send their own X.509 certificate. How might I go about
>getting the latter? The client's (for example, Firefox's) X.509
>certificate? I tried using Wireshark to capture the packets as they
>were being sent out but didn't see the certificates there...

Client X.509 certificates are very rare.

You should see the server X.509 certificate going over the wire during
conversation though. I.e., use the 'openssl s_client' command-line command
and it'll dump it out for you as it talks.


#3: Re: sample X.509 certificates?

Posted on 2007-02-21 13:08:43 by Ertugrul Soeylemez

"yawnmoth" <terra1024@yahoo.com> (07-02-20 18:38:50):

> I'd like to see what the X.509 certificate of a certificate authority
> looks like. They're built into browsers, but I'd like to see the DER-
> encoded version.

A CA certificate is basically a normal self-signed certificate. Nothing
more, nothing less. The encoding doesn't change much about the
contents.


> Also, according to what I've read about SSL/TLS, the client and the
> server each send their own X.509 certificate. How might I go about
> getting the latter? The client's (for example, Firefox's) X.509
> certificate?

Just generate it. You need to have it signed by somebody, either by
yourself (resulting in a self-signed certificate), by a friend (if Bob
knows them) or by a CA.


Regards,
E.S.


#4: Re: sample X.509 certificates?

Posted on 2007-02-21 20:25:26 by Bruce Stephens

"yawnmoth" <terra1024@yahoo.com> writes:

> I'd like to see what the X.509 certificate of a certificate authority
> looks like. They're built into browsers, but I'd like to see the DER-
> encoded version.

The ca-certificates package from Debian contains many in PEM format.
<http://packages.debian.org/unstable/misc/ca-certificates>. You can
convert using OpenSSL: openssl x509 -in <pem-file> -outform DER -out <der-file>.

PKITS provides a source of test certs and CRLs:
<http://csrc.nist.gov/pki/testing/x509paths.html>.

> Also, according to what I've read about SSL/TLS, the client and the
> server each send their own X.509 certificate.

That's relatively rare.

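An added example, not part of the thread or any poster's code: the PEM-to-DER step mentioned above is a base64 decode of the armored body, and the DER that results is a tree of tag-length-value records that can be walked by hand. SAMPLE_DER is a constructed 32-byte skeleton with the outer shape of a Certificate, not a real or valid certificate, and the function names are this example's own.

```python
import base64

# Universal ASN.1 tags that appear in X.509 certificates.
TAGS = {0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING", 0x05: "NULL",
        0x06: "OID", 0x17: "UTCTime", 0x30: "SEQUENCE", 0x31: "SET"}

# Constructed 32-byte skeleton (NOT a valid certificate): SEQUENCE { tbs-like
# SEQUENCE { [0] version, serial }, AlgorithmIdentifier, BIT STRING signature }.
SAMPLE_DER = bytes.fromhex("301e3008a003020102020101300d06092a864886f70d01010b0500030300aabb")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem):
    """Drop the armor lines and base64-decode the body; what remains is DER."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body, validate=True)

def read_tlv(buf, pos):
    """Parse one tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf) or (buf[pos] & 0x1F) == 0x1F:
        raise ValueError("truncated header or multi-byte tag (not handled here)")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                       # short form: the byte is the length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length encoding, not DER")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, pos, pos + length

def outline(buf, start=0, end=None, depth=0, max_depth=2):
    """Return indented 'TYPE len=N' lines for the TLV tree, max_depth levels down."""
    end, pos, out = (len(buf) if end is None else end), start, []
    while pos < end:
        tag, vs, ve = read_tlv(buf[:end], pos)   # a child may not overrun its parent
        name = f"[{tag & 0x1F}]" if (tag & 0xC0) == 0x80 else TAGS.get(tag, hex(tag))
        out.append(f"{'  ' * depth}{name} len={ve - vs}")
        if tag & 0x20 and depth < max_depth:     # constructed type: descend
            out += outline(buf, vs, ve, depth + 1, max_depth)
        pos = ve
    return out

print("\n".join(outline(pem_to_der(SAMPLE_PEM))))
```

A real certificate is larger, so its outer SEQUENCE normally uses the long length form (the file starts with bytes 30 82); pass its PEM text to pem_to_der and the result to outline to see the same three-part structure.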