04-Nov-2021 07:41
Can anyone tell me what in the certificate is being checked when you have "Trusted Certificate Authorities" configured?
04-Nov-2021 10:48
Hi Andrew,
May need some more context on this question.
When you ask what exactly is being checked in a PKI certificate to validate it: it's taking the signature (encrypted hash) from the server certificate and decrypting that using the public key of the signer, then comparing this value against the result of calculating your own hash of the server certificate.
The "Trusted Certificate Authorities" point to the valid signing chains for the certificate you expect to see from your server.
But probably you mean something else with your question, please abbreviate.
05-Nov-2021 00:00
Hi Erwin,
Thanks for your quick reply.
Do you know the parameters that are checked in the valid signing chain when you have a root cert in the Trusted Certificate Authorities, e.g. date, CN?
Andy
05-Nov-2021 10:39
In PKI the attributes that are used to build the CA chain are:
Preferred method, implemented most of the time: AKI/SKI attributes. Authority Key Identifier of the certificate points to the Subject Key Identifier of its signer -- public key hash values.
Alternative method: Subject/Issuer attributes. Issuer of the certificate points to the Subject of its signer -- named values.
Furthermore, validity of a certificate is always checked based on the "valid to" (datetime attribute) and CRL/OCSP checks.
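
The chain-building rules described in this thread, as an added example that is not part of any post and not code from a product: AKI-to-SKI matching first, Issuer-to-Subject matching when key identifiers are absent, and a validity-date check on every certificate. `Cert`, `find_issuer`, `build_chain` and all sample values are hypothetical and constructed; signature verification and CRL/OCSP checks are left out of this model.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Cert:
    # Simplified model holding only the fields named in the thread.
    subject: str
    issuer: str
    ski: Optional[str]  # Subject Key Identifier
    aki: Optional[str]  # Authority Key Identifier
    not_before: datetime
    not_after: datetime

def find_issuer(cert, candidates):
    """Return the candidate CA that issued cert, or None."""
    for ca in candidates:
        if cert.aki and ca.ski:
            if ca.ski == cert.aki:        # preferred: AKI -> SKI
                return ca
        elif ca.subject == cert.issuer:   # alternative: Issuer -> Subject
            return ca
    return None

def build_chain(leaf, intermediates, trusted_roots, now):
    """Walk from leaf to a trusted root, checking validity dates on the way."""
    chain, cert = [leaf], leaf
    while True:
        if not cert.not_before <= now <= cert.not_after:
            raise ValueError(f"{cert.subject}: outside validity period")
        if cert in trusted_roots:
            return chain
        issuer = find_issuer(cert, trusted_roots) or find_issuer(cert, intermediates)
        if issuer is None or issuer in chain:
            raise ValueError(f"{cert.subject}: no path to a trusted CA")
        chain.append(issuer)
        cert = issuer

# Constructed sample data (names and key identifiers are made up).
def utc(year):
    return datetime(year, 1, 1, tzinfo=timezone.utc)

ROOT = Cert("CN=Example Root CA", "CN=Example Root CA", "aa11", "aa11", utc(2015), utc(2035))
INTERMEDIATE = Cert("CN=Example Issuing CA", "CN=Example Root CA", "bb22", "aa11", utc(2019), utc(2029))
LEAF = Cert("CN=server.example.test", "CN=Example Issuing CA", "cc33", "bb22", utc(2021), utc(2022))
NOW = datetime(2021, 11, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    print([c.subject for c in build_chain(LEAF, [INTERMEDIATE], [ROOT], NOW)])
```

A CA that carries the expected Subject name but a different Subject Key Identifier is not selected as issuer when both identifiers are present, which is why key-identifier matching is the preferred method.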