PKI Certificate Tutorials - Herong's Tutorial Examples

https://www.herongyang.com/PKI-Certificate

Copyright © 2024-2024 Herong Yang. All rights reserved.

This tutorial book is a collection of notes and sample code written by the author while he was learning PKI certificate-related technologies. Topics include PKI architecture and CAs (Certificate Authorities); PKI certificate types and DER/PEM file formats. Updated in 2024 (Version v1.10) with minor changes.

Table of Contents

About This Book

Introduction of PKI (Public Key Infrastructure)

What Is PKI (Public Key Infrastructure)

Usage Examples of Public Key Infrastructure

Most Popular Certificate Authorities

Introduction of PKI Certificate

What Is PKI Certificate

Usage Types of PKI Certificates

Certificate Data Fields and X.509 Standard

Root CA Certificate Example

Intermediate CA Certificate Example

End Entity Certificate Example

OIDs Used in PKI Certificate

PKI Certificate File Formats

What Is ASN.1 (Abstract Syntax Notation One)

What Is BER (Basic Encoding Rules)

BER Encoding Examples

ASN.1 Type Modifier - Type Tagging

What Is DER (Distinguished Encoding Rules)

PKI Certificate Structure in ASN.1 Notations

PKI Certificate in DER Format

PKI Certificate in Base64 Format

PKI Certificate in PEM Format

PKI Certificate File Viewer and Decoder

PKI Certificate File ASN.1 Parser

OpenSSL - Cryptography Toolkit

What Is OpenSSL

What Is "openssl" Command

"openssl genpkey" - Generate Private Key

"openssl genpkey -algorithm RSA" - RSA Private Key

"openssl genpkey -algorithm EC" - EC Private Key

"openssl req" - CSR (Certificate Signing Request)

"openssl req -new" - Generate CSR from Key

"openssl req -newkey ..." - Generate Key and CSR

"openssl req -x509" - Generate Self-Signed Certificate

"openssl x509" - X.509 Certificate Command

"openssl x509 -CA ..." - CA Signing Certificate

"openssl ca" - CA (Certificate Authority) Tool

"openssl ca" - CA Signing Certificate

openssl.cnf - OpenSSL Configuration File

Use "openssl ca" as Root CA

Add "keyUsage" into Root CA

Use "openssl ca" as Intermediate CA

Create Web Server Certificate

OpenSSL CA Database Files

"openssl.cnf" Example and Usages

Java "keytool" Commands and KeyStore Files

What Is Java KeyStore File?

"keytool" - Key and Certificate Management Tool

"keytool -genkeypair" - Generate Key with Self-Signed Certificate

"keytool -export/import" - Export and Import Certificates

"keytool -keyclone" - Clone Self-Signed Certificate with New Identity

"keytool -certreq" - Generate CSR (Certificate Signing Request)

"keytool -gencert" - Sign CSR with CA certificate

"keytool -gencert -ext" - Sign CSR with X.509 Extensions

Export Key Pair using "keytool -importkeystore"

PKI Certificate Store

What Is PKI Certificate Store

What Is Windows Certificate Store

What Is macOS KeyChain

What Is Linux Truststore

What Is Java KeyStore

What Is PEM Certificate Bundle

What Is PKCS12 Certificate Bundle

PKCS12 Certificate Bundle File

What Is PKCS12 File Format

"openssl pkcs12 -export" - Certificate and Key Bundle

"openssl pkcs12 -export" - Certificate Chain and Key Bundle

"openssl pkcs12 -export" - 3-Level Certificate Chain and Key Bundle

"openssl pkcs12 -export" - Limitations and Errors

"keytool -genkeypair" - Certificate and Key Bundle

"keytool -importcert" - Certificate-Only Bundle

"keytool -storetype pkcs12" - Limitations and Errors

ASN.1 Data Structure of PKCS12 File

PKCS7 Certificate Chain File

What Is PKCS7 File Format

"openssl crl2pkcs7 -nocrl" - PKCS7 Certificate File

"openssl crl2pkcs7 -nocrl" - PKCS7 Certificate Chain

ASN.1 Data Structure of PKCS7 File

PKI Certificate Related Terminology

References

Full Version in PDF/EPUB

Keywords: PKI, Public, Key, Infrastructure, Certificate