PKI Certificate Tutorials - Herong's Tutorial Examples
Usage Types of PKI Certificates
This section describes PKI certificate types categorized according to their usages.
Depending on their usages, PKI certificates can be categorized
into multiple types:
- CA Certificates -
Used by Certificate Authorities (CA) to sign other certificates.
- Client Certificates, also called Client Authentication Certificates -
Used by client side users/systems to authenticate themselves to remote servers.
- Code Signing Certificates (CSC) -
Used by software vendors to sign their software packages.
- Document Signing Certificates (DSC) -
Used by email users to sign and/or encrypt emails.
- Email Certificates, also called Email Signing Certificates,
S/MIME Certificates -
Used by email users to sign and/or encrypt emails.
- Ephemeral Certificates, also called DevOps Certificates -
Used by development or test systems to provide temporary authentications.
Ephemeral certificates are automatically generated and short-lived.
- IoT Certificates, also called IoT Device Certificates -
Used by IoT devices to authenticate device identities and
secure communications between two devices.
- Personal certificates, also called Personal Authentication Certificates -
Used by end users to sign and/or encrypt digital documents.
Personal certificates may also refer to certificates used
to authenticate end users to remote service providers,
instead of using traditional passwords.
- SSL/TLS Certificates, also called Website Certificates or Server Certificates -
Used by Websites to authenticate their identity and
secure Web page communications.
- Verified Mark Certificates (VMC) -
Mainly used by email servers to certify their logos,
which are associated with their outgoing emails.
Certified logos will be displayed in receiving email inboxes
to help reduce phishing emails.
Certificates can also be categorized into 3 levels based on
their locations in the certificate signing chain:
- Root CA Certificates -
Used to sign Intermediate CA Certificates, not End User Certificates.
- Intermediate CA Certificates, also called Subordinate CA Certificates -
Used to sign End User Certificates or other Intermediate CA Certificates.
- End Entity Certificates -
Used to identify end users, systems or organizations,
and not allowed to sign other certificates.
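The three chain levels above can be told apart mechanically. The following is an added example, not part of the original tutorial: it builds a constructed root, intermediate and end entity certificate and classifies each one. It assumes OpenSSL 1.1.1 or later on the PATH, reads the X.509 basicConstraints extension (which this page does not discuss) and treats subject equal to issuer as the sign of a root; all names and files are made up.

```bash
#!/usr/bin/env bash
# Added example: constructed three-level chain, classified by chain level.
set -eu

# Print the chain level of a PEM certificate. basicConstraints CA:TRUE marks a
# CA certificate; subject == issuer (self-issued) is the heuristic for a root.
chain_level() {
  local cert=$1 bc subj iss
  bc=$(openssl x509 -in "$cert" -noout -ext basicConstraints 2>/dev/null || true)
  subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
  iss=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
  case "$bc" in
    *CA:TRUE*) if [ "$subj" = "$iss" ]; then echo root-ca; else echo intermediate-ca; fi ;;
    *)         echo end-entity ;;
  esac
}

# Build the constructed sample chain in directory $1 (all names are made up).
make_chain() {
  local d=$1 n
  cat > "$d/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = Common Name
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
EOF
  for n in root inter leaf; do   # one key and one CSR per certificate
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ext.cnf" \
      -subj "/CN=Example $n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
    -extfile "$d/ext.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -extensions ca -out "$d/inter.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -extensions leaf -out "$d/leaf.pem" 2>/dev/null
}

WORK=$(mktemp -d)
make_chain "$WORK"
for c in root inter leaf; do echo "$c: $(chain_level "$WORK/$c.pem")"; done
# Path validation checks the same CA flag on every issuer; this chain verifies.
openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/inter.pem" "$WORK/leaf.pem"
```

A certificate whose subject equals its issuer is only self-issued; confirming that it is a trusted root still requires checking it against the local trust store.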