Trusted Certificate Authorities

Andrew_Jones
Nimbostratus

Can anyone tell me what in the certificate is being checked when you have "Trusted Certificate Authorities" configured?

3 REPLIES 3

Erwin_de_Brouwer
Nimbostratus

Hi Andrew,

May need some more context on this question.

When you ask what exactly is being checked in a PKI certificate to validate it: it's taking the signature (encrypted hash) from the server certificate and decrypting that using the public key of the signer, then comparing this value against the result of calculating your own hash of the server certificate.

The "Trusted Certificate Authorities" point to the valid signing chains for the certificate you expect to see from your server.

But probably you mean something else with your question, please abbreviate.

Andrew_Jones
Nimbostratus

Hi Erwin,

Thanks for your quick reply.

Do you know the parameters that are checked in the valid signing chain when you have a root cert in the Trusted Certificate Authorities, e.g. date, CN?

Andy
Erwin_de_Brouwer
Nimbostratus

In PKI the attributes that are used to build the CA chain are:

Preferred method, implemented most of the time: AKI/SKI attributes. The Authority Key Identifier of the certificate points to the Subject Key Identifier of its signer -- public key hash values.

Alternative method: Subject/Issuer attributes. The Issuer of the certificate points to the Subject of its signer -- named values.

Furthermore, validity of a certificate is always checked based on the "valid to" (datetime attribute) and CRL/OCSP checks.
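
The chain-building rules described in the reply above, as an added example that is not part of the original thread and is not F5 code. Certificates are modelled as plain records with constructed values (`Cert`, `links`, `build_chain`, `make_cert` and all sample names are hypothetical), and signature verification and CRL/OCSP checks are left out.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Cert:  # constructed stand-in for a parsed X.509 certificate
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    ski: Optional[str] = None  # Subject Key Identifier (hash of own public key)
    aki: Optional[str] = None  # Authority Key Identifier (hash of signer's key)

def links(cert, cand):
    """True if cand could be the signer of cert."""
    if cert.aki and cand.ski:  # preferred: AKI of cert == SKI of signer
        return cert.aki == cand.ski
    return cert.issuer == cand.subject  # alternative: Issuer == Subject of signer

def build_chain(leaf, intermediates, trusted, now):
    """Walk from leaf to a trusted CA; returns (chain or None, reason)."""
    chain, current = [leaf], leaf
    while True:
        # This sketch applies the date check to every certificate in the path.
        if not (current.not_before <= now <= current.not_after):
            return None, f"{current.subject}: outside validity period"
        if current in trusted:
            return chain, "ok"
        pool = [c for c in trusted + intermediates if c not in chain]
        issuer = next((c for c in pool if links(current, c)), None)
        if issuer is None:
            return None, f"{current.subject}: no issuer found"
        chain.append(issuer)
        current = issuer

UTC = timezone.utc
def make_cert(subject, issuer, ski, aki, end_year=2035):  # constructed sample data
    return Cert(subject, issuer, datetime(2020, 1, 1, tzinfo=UTC),
                datetime(end_year, 1, 1, tzinfo=UTC), ski, aki)

ROOT = make_cert("CN=Example Root", "CN=Example Root", "aa01", "aa01")
INTER = make_cert("CN=Example Issuing CA", "CN=Example Root", "bb02", "aa01")
OLD_INTER = make_cert("CN=Example Issuing CA", "CN=Example Root", "cc03", "aa01", 2022)
LEAF = make_cert("CN=app.example.test", "CN=Example Issuing CA", "dd04", "bb02")
NOW = datetime(2025, 6, 1, tzinfo=UTC)

if __name__ == "__main__":
    chain, reason = build_chain(LEAF, [OLD_INTER, INTER], [ROOT], NOW)
    print(reason, [c.subject for c in chain or []])
```

In this sketch, a leaf without an AKI falls back to name matching and takes the first candidate whose Subject equals its Issuer, so two CA certificates sharing a name (`INTER` and `OLD_INTER`) are only told apart when the key identifiers are present.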