PKI Tutorials - Herong's Tutorial Examples - Version 2.10, by Dr. Herong Yang
Root CA and Intermediate CA
This section describes the relation between a root CA and an intermediate CA and personal or server certificates issued by the intermediate CA.
After getting my PKI certificate issued by the root CA, CAcert.org, can I become an intermediate CA to sign and issue certificates for other servers and individuals?
The answer is yes in theory as shown in this diagram:
The diagram shows you that:
With the private-public key pair and the personal certificate, Amy or Bob can now use PKI enabled applications to perform security related tasks, like adding digital signatures to emails or documents.
With the private-public key pair and the server certificate, www.abc.com or www.xyz.com can now use PKI enabled communication protocols to perform secure transactions, like offering HTTPS based Web sites.
See next sections for tutorial examples on how to issue server and personal certificates.
Last update: 2011.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with Google Chrome
Using HTTPS with Mozilla Firefox
HTTPS with IE (Internet Explorer)
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Windows Certificate Stores and Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
►PKI CA Administration - Issuing Certificates
Requesting and Signing Personal Certificate
Generating a Private-Public Key Pair for Amy
Generating a CSR (Certificate Signing Request)
Verifying Requester's Email Address
Exporting a Private Key from a KeyStore File
Signing a CSR into a Certificate
Importing Certificate Reply Back to KeyStore
"bad decrypt:./crypto/evp/evp_enc.c:461" Error
Requesting and Signing Server Certificate
Comodo Free Personal Certificate
Digital Signature - Microsoft Word
Digital Signature - OpenOffice.org 3