Requesting and Signing Personal Certificate

This section describes basic steps of issuing (requesting and signing) personal certificates. A Class 1 personal certificate only contains the person's email.

Based on my understanding, here are basic steps of issuing a personal certificate:

1. The person who wants to get a personal certificate needs use a tool to generate a private-public key pair.

2. The person then needs to generate a CSR (Certificate Signing Request), which includes the person's public key and identity information, like name, email address, etc.

3. The root CA or intermediate CA needs to verify the person's identity.

4. The CA issues a personal certificate which includes the person's verified identity information.

The picture below shows you 4 basic steps of issuing a personal certificate:

PKI - Signing Personal Certificate
PKI - Signing Personal Certificate

Certificates are usually classified based how much identity information is verified by the CA. For example, if only the person's email is verified, then a Class 1 personal certificate will be issued.

Last update: 2011.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with Google Chrome

 Using HTTPS with Mozilla Firefox

 HTTPS with IE (Internet Explorer)

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 Windows Certificate Stores and Console

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

PKI CA Administration - Issuing Certificates

 Root CA and Intermediate CA

Requesting and Signing Personal Certificate

 Generating a Private-Public Key Pair for Amy

 Generating a CSR (Certificate Signing Request)

 Verifying Requester's Email Address

 Exporting a Private Key from a KeyStore File

 Signing a CSR into a Certificate

 Importing Certificate Reply Back to KeyStore

 "bad decrypt:./crypto/evp/evp_enc.c:461" Error

 Requesting and Signing Server Certificate

 Comodo Free Personal Certificate

 Digital Signature - Microsoft Word

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 Full Version in PDF/EPUB