PKI Tutorials - Herong's Tutorial Examples

https://www.herongyang.com/PKI

Copyright © 2010-2022 Herong Yang. All rights reserved.

PKI Tutorials

This tutorial book is a collection of notes and sample code written by the author while he was learning PKI (Public Key Infrastructure) technologies himself. Topics include Root CA (Certificate Authorities); SSL, TLS, and HTTPS; server and client authentication processes; communication data encryption; using HTTPS with Chrome, Firefox, Edge, Safari and Internet Explorer; managing certificates on Windows, macOS, iOS and Android systems; X.509 certificate format; certificate stores and management tools; certificate validation chain; self-signed certificates and CSR; digital signatures on MS Word and OpenOffice documents; getting a free personal certificate from Comodo. Updated in 2022 (Version v2.32) with macOS and Safari tutorials.

Table of Contents

About This Book

Introduction of PKI (Public Key Infrastructure)

What Is PKI (Public Key Infrastructure)

Usage Examples of Public Key Infrastructure

Most Popular Certificate Authorities

Introduction of HTTPS (Hypertext Transfer Protocol Secure)

What Is HTTPS (Hypertext Transfer Protocol Secure)?

HTTPS Server Authentication Process

HTTPS Communication Data Encryption

Using HTTPS with Google Chrome

Visiting "https" Website with Google Chrome

Viewing Server Certificate in Google Chrome

Viewing Server Certificate Path in Google Chrome

Exporting Server Certificate to File in Google Chrome

Viewing Trusted Root CA Certificates in Google Chrome

Listing of Trusted Root CA in Google Chrome

Exporting Root Certificate to File from Google Chrome

Deleting Root CA Certificates from Google Chrome

Google Chrome Shares Windows PKI with IE

Using HTTPS with Mozilla Firefox

Visiting "https" Website with Mozilla Firefox

Viewing Server Certificate in Mozilla Firefox

Server Certificate General Information

Viewing Server Certificate Path in Mozilla Firefox

Exporting Server Certificate to File in Mozilla Firefox

Viewing Pre-Installed Certificates in Mozilla Firefox

Listing of Trusted Root CA in Mozilla Firefox

Exporting Certificate to File from Mozilla Firefox

Deleting Root CA Certificates from Mozilla Firefox

Mozilla Firefox Displaying Certificate Error Page

Adding Security Exception in Mozilla Firefox

Failing to Import Root CA Certificates to Mozilla Firefox

Certificate Trust Settings in Mozilla Firefox

HTTPS with Microsoft Edge

Using HTTPS with Apple Safari

Visiting "https" Website with Apple Safari

Showing Server Certificate in Apple Safari

Viewing Certificate Details in Apple Safari

View Server Certificate Path in Apple Safari

Export Server Certificate to File from Safari

View Trusted Root CA Certificates in Safari

HTTPS with IE (Internet Explorer)

Visiting "https" Website with IE

Viewing Server Certificate Details in IE

Viewing Server Certificate Path in IE

Installing Server Certificate Permanently in IE

Viewing Certificates in Certificate Stores in IE

Listing of Trusted Root CA in IE

Exporting Certificate to File from IE

Saving Server Certificate to File with IE

Deleting Certificates from IE

IE Supporting Multiple Certificate Paths

IE Reinstalling Root Certificates Automatically

Windows Automatic Root Update Mechanism

Android and Server Certificate

Visiting "https" Website with Chrome on Android Phone

"Your connection is not private" with Chrome on Android Phone

Viewing Server Certificate with Chrome on Android Phone

Viewing Server Certificate Path with Chrome on Android Phone

Trusted Certificate Store on Android phone

Downloading Trusted Root Certificate on Android phone

Installing Trusted Root Certificate on Android phone

Installing Website Server Certificate on Android Phone

iPhone and Server Certificate

Visiting "https" Website with Safari on iOS 10 iPhone

"Cannot Verify Server Identity" with Safari on iOS 10

Visiting "https" Website with Chrome on iOS 10 iPhone

"Your connection is not private" with Chrome on iOS 10

Installing Website Server Certificate on iOS 10 iPhone

Trusted Certificate Store on iOS 10 iPhone

Install Trusted Root Certificate on iOS 10 iPhone

View Certificate Profile on iOS 10 iPhone

Enable Full Trust for Root Certificate on iOS 10 iPhone

Windows Certificate Stores and Console

Microsoft Management Console (MMC)

Creating Certificate Console as a MMC Snap-In

Exporting a List of Root CA Certificates

Viewing Certificate Properties and Purposes

Exporting a Root CA Certificate to a File

Deleting a Root CA Certificate

Importing a Root CA Certificate from a File

Disabling a Root CA Certificate

RDP (Remote Desktop Protocol) and Server Certificate

Running "Remote Desktop Connection" Using RDP

Showing RDP Server Certificate Failed Error

Viewing and Installing RDP Server Certificate

RDP Server Certificate Location

macOS Certificate Stores and Keychain Access

What Is Keychain Access on macOS

Listing of Trusted Root CA in macOS

Exporting Root Certificate to File from macOS

Delete/Untrust Certificates from macOS

Unlock Keychain to Access Certificate on macOS

Import Server Certificates to macOS

Create My Own Root CA on macOS

Review My Root CA Certificate on macOS

Review Private Key of My CA Certificate on macOS

Generate CSR (Certificate Signing Request) on macOS

Issue New Certificate with My CA on macOS

Verify Certificate Signed by My CA on macOS

Keychain File Locations on macOS

CA Certificates at "/etc/ssl | /private/etc/ssl"

Perl Scripts Communicating with HTTPS Servers

Installing Crypt::SSLeay 0.72 on Windows

LWP Library Supports HTTPS

LWP SSL verify_hostname Setting

LWP SSL List of Root CA Certificates

Crypt::SSLeay Test Perl Script

HTTPS Request and Response Example

Asking Crypt::SSLeay to Verify Server's Certificate

Crypt::SSLeay Failing to Verify Server's Certificate

Multiple CA Certificates in a Single File

PHP Scripts Communicating with HTTPS Servers

Configuring PHP OpenSSL on Windows

Testing OpenSSL with file_get_contents()

OpenSSL Configuration Errors

SSL Context Options for OpenSSL

Asking OpenSSL to Verify Server's Certificate

OpenSSL Failing to Verify Server's Certificate

Multiple CA Certificates in a Single File

Testing OpenSSL with fopen()

Testing OpenSSL with fsockopen()

Adding CA Certificates for the PHP Engine

Testing OpenSSL with stream_socket_client()

Java Programs Communicating with HTTPS Servers

Java Secure Socket Extension (JSSE)

Using openStream() Method in java.net.URL Class

javax.net.ssl.trustStore System Property

Default Trusted KeyStore File - cacerts

PKIX Path Building Failed - No CA Certificate

Using openConnection() Method in java.net.URL Class

.NET Programs Communicating with HTTPS Servers

CAcert.org - Root CA Offering Free Certificates

About CAcert.org

Join CAcert.org as a Member

Installing CAcert.org Root CA in Firefox

Installing CAcert.org Root CA in IE

Adding and Validating Domain Names

Generating Certificate Signing Request (CSR)

Getting Server Certificate Signed by CAcert.org

PKI CA Administration - Issuing Certificates

Comodo Free Personal Certificate

Applying Free Personal Certificate at Comodo

Installing Comodo Personal Certificate with Firefox

Viewing Comodo Personal Certificate in Firefox

Backing up Comodo Personal Certificate from Firefox

Exporting Public Key Certificate from Firefox

Installing Comodo Personal Certificate with Chrome

Installing Comodo Personal Certificate to Windows

Viewing Comodo Personal Certificate in Windows

Digital Signature - Microsoft Word

Digital Signature - OpenOffice.org 3

OpenOffice.org 3 - Applying Digital Signatures

Converting KeyStore Files to PKCS12 Files

Importing Private-Public Key Pair with Internet Options

Viewing a Certificate with a Private Key

Importing CA Certificates into the Trusted Store

Signing OpenOffice.org 3 Document Failed

Generating CSR for a Personal Certificate

Getting Personal Certificate Signed by CAcert.org

Storing Personal Certificate with Its Keys

Installing Personal Certificate with Internet Options

Signing OpenOffice.org 3 Document Worked

S/MIME and Email Security

What Is S/MIME

Digital Signature Scheme for Email Messages

A Simple Email Message Example

Email Messages with Attachments using MIME

Email Messages with Digital Signatures using S/MIME

Encrypted Email Messages using S/MIME

Digital Signature and Encryption in Outlook

Email Security Settings in Outlook

Valid Certificate Required in Outlook

Message Security Properties in Outlook 2007

Firefox Extension - Gmail S/MIME

PKI (Public Key Infrastructure) Terminology

Archived Tutorials

Archived: Viewing Server Certificate in Chrome 40

Archived: Viewing Server Certificate in Firefox 35

Archived: Viewing Pre-Installed Certificates in Firefox 35

Archived: Firefox 35 Displaying Certificate Error Page

Archived: Adding Security Exception in Firefox 35

Archived: Windows XP Component "Update Root Certificates"

Archived: Creating Certificates Console on Windows XP

Archived: Applying Digital Signatures with Word 2007

Archived: Creating a Digital ID and Sign Word Documents

Archived: Viewing Digital ID Created by MS Word

Archived: Obtaining a Trial Digital ID from ARX CoSign

Archived: Viewing Digital ID Obtained from ARX CoSign

Archived: Windows XP Component - Removing "Update Root Certificates"

Archived: IE 8 Displaying Certificate Error Page

Archived: IE 8 Displaying Certificate Error Icon

Archived: Viewing Certificate Path Validation Error in IE 8

Archived: Importing Root Certificate from a File to IE 8

References

Full Version in PDF/EPUB

Keywords: PKI, Public, Key, Infrastructure, Security