Cryptography Tutorials - Herong's Tutorial Examples - v5.42, by Herong Yang
Viewing Certificate Details
This section provides a tutorial example on how to view certificate details when visiting an 'https' Web site in Chrome.
When you visit an "https" Web server, it will send its certificate to your browser. Server's certificate is needed by the browser for these 2 tasks:
- Your browser must validate the certificate to determine that the Web site can be trusted or not before doing any further communications.
- Your browser must use the public key in the certificate to help secure the communication messages sent and received.
Normally, your browser will do these 2 tasks automatically without your interaction. You don't need to know where is the server certificate and what's in the certificate.
But since I am interested to learn more about "https" communication, I want to see the server certificate. Here is what I did on Chrome 75 to see details of the server certificate.
1. Run Chrome and go to https://login.yahoo.com and wait for the log in page to be loaded.
2. Click the lock icon in front of the Web address field. A small pop up windows shows up.
3. Click the "Certificate" link on the pop up window. The Certificate dialog box shows up. The General tab tells me this information:
This certificate is intended for the following purpose(s): - Ensures the identify of a remote computer - Proves your identity to a remote computer Issued to: *.login.yahoo.com Issued by: DigiCert SHA2 High Assurance Server CA Valid from 3/18/2019 to 2/15/2020
4. If you click the Details tab, you will details of this certificate:
Version V3 Serial number 0332... Signature algorithm sha256RSA Signature has algorithm sha256 Issuer DigiCert SHA2 High Assurance Server CA Valid from Sunday, August 18, 2019 8:00:00 PM Valid to Saturday, February 15, 2020 8:00:00 AM Subject *.login.yahoo.com, Oath Inc, ... Public key RSA (2048 Bits) Authority Key Identifier KeyID=5168... Subject Key Identifier c55b... ... Thumbprint 39dcf2069ac7fae25f10937f8cb1c8b764bddab2
Cool. Now I see details of a real certificate for commercial uses. The picture below shows you steps to reach certificate details:
Notice that the "Certificate" dialog box used in Chrome is identical to "Certificate" dialog box used in IE (Internet Explorer) 11. See IE 11 tutorials for information provided on the "Certificate Path" tab.
Table of Contents
Introduction to AES (Advanced Encryption Standard)
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
RSA Implementation using java.math.BigInteger Class
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Cipher - Public Key Encryption and Decryption
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
OpenSSL Generating and Signing CSR
OpenSSL Validating Certificate Path
"keytool" and "keystore" from JDK
"OpenSSL" Signing CSR Generated by "keytool"
Migrating Keys from "keystore" to "OpenSSL" Key Files
Certificate X.509 Standard and DER/PEM Formats
Migrating Keys from "OpenSSL" Key Files to "keystore"
►Using Certificates in Google Chrome
Visiting an "https" Web Site with Chrome
Exporting Certificate from Chrome to File