PKI Tutorials - Herong's Tutorial Examples - Version 2.02, by Dr. Herong Yang

PKI Tutorials - Herong's Tutorial Examples

http://www.herongyang.com/PKI

Copyright © 2015 by Dr. Herong Yang. All rights reserved.

HerongYang.com This PKI (Public Key Infrastructure) tutorial book is a collection of notes and sample codes written by the author while he was learning PKI technologies himself. Topics include CA, Certificate, Crypt::SSLeay, C#, Digital Signature, Firefox, HTTPS, IE, Java, JSSE, KeyStore, keytool, MMC, .NET, OpenSSL, PEM, Perl, PHP, PKI, S/MIME, SSL, TLS, X.509.

Table of Contents

About This Book

Introduction of PKI (Public Key Infrastructure)

What Is PKI (Public Key Infrastructure)?

Usage Examples of Public Key Infrastructure

Most Popular Certificate Authorities

Introduction of HTTPS (Hypertext Transfer Protocol Secure)

What Is HTTPS (Hypertext Transfer Protocol Secure)?

HTTPS Server Authentication Process

HTTPS Communication Data Encryption

Using HTTPS with IE (Internet Explorer) 10

Visiting "https" Web Site with IE 10

Viewing Server Certificate Details in IE 10

Viewing Server Certificate Path in IE 10

Installing Server Certificate Permanently in IE 10

Viewing Certificates in Certificate Stores in IE 10

Listing of Trusted Root CA in IE 10

Exporting Certificate to File from IE 10

Saving Server Certificate to File with IE 10

Deleting Certificates from IE 10

IE 10 Supporting Multiple Certificate Paths

IE 10 Reinstalling Root Certificates Automatically

Windows Automatic Root Update Mechanism

Using HTTPS with Chrome 40

Visiting "https" Web Site with Chrome 40

Viewing Server Certificate in Chrome 40

Viewing Server Certificate Path in Chrome 40

Exporting Server Certificate to File in Chrome 40

Viewing Trusted Root CA Certificates in Chrome 40

Listing of Trusted Root CA in Chrome 40

Exporting Root Certificate to File from Chrome 40

Deleting Root CA Certificates from Chrome 40

Chrome 40 Shares Windows PKI with IE

Using HTTPS with Firefox 35

Visiting "https" Web Site with Firefox 35

Viewing Server Certificate in Firefox 35

Server Certificate General Information

Viewing Server Certificate Path in Firefox 35

Exporting Server Certificate to File in Firefox 35

Viewing Pre-Installed Certificates in Firefox 35

Listing of Trusted Root CA in Firefox 35

Exporting Certificate to File from Firefox 35

Deleting Root CA Certificates from Firefox 35

Firefox 35 Displaying Certificate Error Page

Adding Security Exception in Firefox 35

Failing to Import Root CA Certificates to Firefox 35

Certificate Trust Settings in Firefox 35

Perl Scripts Communicating with HTTPS Servers

Installing Crypt::SSLeay 0.57 on Windows

Crypt::SSLeay Test Perl Script

HTTPS Request and Response Example

Asking Crypt::SSLeay to Verify Server's Certificate

Crypt::SSLeay Failing to Verify Server's Certificate

Multiple CA Certificates in a Single File

PHP Scripts Communicating with HTTPS Servers

Configuring PHP OpenSSL on Windows

Testing OpenSSL with file_get_contents()

OpenSSL Configuration Errors

SSL Context Options for OpenSSL

Asking OpenSSL to Verify Server's Certificate

OpenSSL Failing to Verify Server's Certificate

Multiple CA Certificates in a Single File

Testing OpenSSL with fopen()

Java Programs Communicating with HTTPS Servers

Java Secure Socket Extension (JSSE)

Using openStream() Method in java.net.URL Class

javax.net.ssl.trustStore System Property

Default Trusted KeyStore File - cacerts

PKIX Path Building Failed - No CA Certificate

Using openConnection() Method in java.net.URL Class

Certificate Stores and Certificate Console

Microsoft Management Console (MMC)

Creating Certificates Console as a MMC Snap-In

Exporting a List of Root CA Certificates

Viewing Certificate Properties and Purposes

Exporting a Root CA Certificate to a File

Deleting a Root CA Certificate

Importing a Root CA Certificate from a File

Dispabling a Root CA Certificate

.NET Programs Communicating with HTTPS Servers

System.Net.Request Class for HTTPS

Test with CA Certificate Disabled

Test with Second CA Certificate Disabled

.NET Program Failed with CA Certificates Deleted

.NET Reporting Certificate Validation Failed

CAcert.org - Root CA Offering Free Certificates

About CAcert.org

Join CAcert.org as a Member

Installing CAcert.org Root CA in Firefox 3

Installig CAcert.org Root CA in IE 8

Adding and Validating Domain Names

Generating Certificate Signing Request (CSR)

Getting Server Certificate Signed by CAcert.org

PKI CA Administration - Issuing Certificates

Root CA and Intermediate CA

Requesting and Signing Personal Certificate

Generating a Private-Public Key Pair for Amy

Generating a CSR (Certificate Signing Request)

Verifying Requester's Email Address

Exporting a Private Key from a KeyStore File

Signing a CSR into a Certificate

Importing Certificate Reply Back to KeyStore

"bad decrypt:./crypto/evp/evp_enc.c:461" Error

Requesting and Signing Server Certificate

Digital Signature - Microsoft Word 2007

What Is Digital Signature?

PKI Digital Signature

Applying Digital Signatures with MS Word 2007

Creating a Digital ID and Sign Word Documents

View Digital Signatures in Word Documents

Viewing Digital ID Created by MS Word

Obtaining a Trial Digital ID from ARX CoSign

Viewing Digital ID Obtained from ARX CoSign

Digital Signature - OpenOffice.org 3

OpenOffice.org 3 - Applying Digital Signatures

Converting KeyStore Files to PKCS12 Files

Importing Private-Public Key Pair with Internet Options

Viewing a Certificate with a Private Key

Importing CA Certificates into the Trusted Store

Signing OpenOffice.org 3 Document Failed

Generating CSR for a Personal Certificate

Getting Personal Certificate Signed by CAcert.org

Storing Personal Certificate with Its Keys

Installing Personal Certificate with Internet Options

Signing OpenOffice.org 3 Document Worked

S/MIME and Email Security

What Is S/MIME?

Digital Signature Scheme for Email Messages

A Simple Email Message Example

Email Messages with Attachments using MIME

Email Messages with Digital Signatures using S/MIME

Encrypted Email Messages using S/MIME

Digital Signature and Encryption in Outlook 2007

Email Security Settings in Outlook 2007

Valid Certificate Required in Outlook 2007

Message Security Properties in Outlook 2007

Firefox Extension - Gmail S/MIME

PKI (Public Key Infrastructure) Terminology

Outdated Tutorials

Outdated: Windows XP Component "Update Root Certificates"

Outdated: Windows XP Component - Removing "Update Root Certificates"

Outdated: IE 8 Displaying Certificate Error Page

Outdated: IE 8 Displaying Certificate Error Icon

Outdated: Viewing Certificate Path Validation Error in IE 8

Outdated: Importing Root Certificate from a File to IE 8

References

Printable Copy - PDF Version

Keywords: PKI, Public, Key, Infrastructure, Security, Tutorial

Table of Contents - Updated in 2015, by Dr. Herong Yang