PKI Certificate Tutorials - Herong's Tutorial Examples

https://www.herongyang.com/PKI-Certificate

Copyright © 2024-2024 Herong Yang. All rights reserved.

This tutorial book is a collection of notes and sample code written by the author while he was learning PKI certificate-related technologies. Topics include PKI architecture and CAs (Certificate Authorities); PKI certificate types and DER/PEM file formats; certificate tools: OpenSSL and 'keytool'; certificate stores; and PKCS7 and PKCS12 file formats. Updated in 2024 (Version v1.12) with minor changes.

Table of Contents

About This Book

Introduction of PKI (Public Key Infrastructure)

What Is PKI (Public Key Infrastructure)

Usage Examples of Public Key Infrastructure

Most Popular Certificate Authorities

Introduction of PKI Certificate

What Is PKI Certificate

Usage Types of PKI Certificates

Certificate Data Fields and X.509 Standard

Root CA Certificate Example

Intermediate CA Certificate Example

End Entity Certificate Example

OIDs Used in PKI Certificate

PKI Certificate File Formats

What Is ASN.1 (Abstract Syntax Notation One)

What Is BER (Basic Encoding Rules)

BER Encoding Examples

ASN.1 Type Modifier - Type Tagging

What Is DER (Distinguished Encoding Rules)

PKI Certificate Structure in ASN.1 Notations

PKI Certificate in DER Format

PKI Certificate in Base64 Format

PKI Certificate in PEM Format

PKI Certificate File Viewer and Decoder

PKI Certificate File ASN.1 Parser

Certificate Wrapped in PKCS7 Formats

Certificate Wrapped in PKCS12 Formats

Certificate File Format Summary

OpenSSL - Cryptography Toolkit

What Is OpenSSL

What Is "openssl" Command

"openssl genpkey" - Generate Private Key

"openssl genpkey -algorithm RSA" - RSA Private Key

"openssl genpkey -algorithm EC" - EC Private Key

"openssl req" - CSR (Certificate Signing Request)

"openssl req -new" - Generate CSR from Key

"openssl req -newkey ..." - Generate Key and CSR

"openssl req -x509" - Generate Self-Signed Certificate

"openssl x509" - X.509 Certificate Command

"openssl x509 -CA ..." - CA Signing Certificate

"openssl ca" - CA (Certificate Authority) Tool

Java "keytool" Commands and KeyStore Files

What Is Java KeyStore File?

"keytool" - Key and Certificate Management Tool

"keytool -genkeypair" - Generate Key with Self-Signed Certificate

"keytool -export/import" - Export and Import Certificates

"keytool -keyclone" - Clone Self-Signed Certificate with New Identity

"keytool -certreq" - Generate CSR (Certificate Signing Request)

"keytool -gencert" - Sign CSR with CA certificate

"keytool -gencert -ext" - Sign CSR with X.509 Extensions

Export Key Pair using "keytool -importkeystore"

PKI Certificate Store

What Is PKI Certificate Store

What Is Windows Certificate Store

What Is macOS KeyChain

What Is Linux Truststore

What Is Java KeyStore

What Is PEM Certificate Bundle

What Is PKCS12 Certificate Bundle

PKCS12 Certificate Bundle File

What Is PKCS12 File Format

"openssl pkcs12 -export" - Certificate and Key Bundle

"openssl pkcs12 -export" - Certificate Chain and Key Bundle

"openssl pkcs12 -export" - 3-Level Certificate Chain and Key Bundle

"openssl pkcs12 -export" - Limitations and Errors

"keytool -genkeypair" - Certificate and Key Bundle

"keytool -importcert" - Certificate-Only Bundle

"keytool -storetype pkcs12" - Limitations and Errors

ASN.1 Data Structure of PKCS12 File

PKCS7 Certificate Chain File

What Is PKCS7 File Format

"openssl crl2pkcs7 -nocrl" - PKCS7 Certificate File

"openssl crl2pkcs7 -nocrl" - PKCS7 Certificate Chain

ASN.1 Data Structure of PKCS7 File

PKI Certificate Related Terminology

References

Full Version in PDF/EPUB

Keywords: PKI, Public, Key, Infrastructure, Certificate