Appendix A: Digital certificates
A digital certificate is an integral component of the SSL encryption technology. The digital certificate
provides data integrity by ensuring that a third party cannot insert false data into the encrypted data
stream. A digital certificate includes a public key based on RSA encryption and an accompanying
digital signature (see Table A-1).
Table A-1. Components of digital certificates

Digital certificate component                 Example
--------------------------------------------  ----------------------------------------------
Unique name of owner                          Subject DN: cn = Bob Smith, o = ACME, c = US
Unique serial number                          8391037
Period of validity                            Start: 1/5/97 1:02; End: 7/5/98 1:02
Revocation information                        CRL: cn = CRL2, o = ACME, c = US
Alternate subject identifiers                 SubjectAltName: IP, DNS, email
Public key                                    mQCpAi3aE40AAAEE4KSlkYOhLlSNTrVcbogQuto…
Digital signature of certificate authority    wJD3Wsm8VqCQSjK/YpwAi+drsqz4E…
Name of issuing certificate authority         CA DN: o = ACME, c = US
A digital signature typically uses the sophisticated encryption of the RSA encryption algorithm rather
than a simple hashing signature (Figure A-1). The RSA algorithm, developed by Rivest, Shamir, and
Adleman, is widely used for encrypting data using a public key/private key system. Also known as
“asymmetric” cryptography, this system uses a widely distributed public key and a private key that
remains secret to the owner. The two keys are mathematically linked so that data encrypted with the
public key can be decrypted only with the private key. Conversely, data encrypted with the private
key can be decrypted only with the public key. Because the algorithm is built on two large prime numbers
(from which the public key and the private key are derived) that are difficult to factor, the algorithm
is difficult to reverse and therefore gives any data encrypted with it a reasonable amount of security.
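The following is an added, self-contained illustration of both Table A-1 and the RSA description above; it is not code from the original appendix. It builds a toy RSA key pair from tiny primes (no real security, no PKCS#1 padding), uses the private-key operation to sign a certificate record carrying the Table A-1 fields, and uses the CA's public key to verify it, showing how a signature detects a third party altering the record. The certificate is a plain JSON record, not ASN.1/X.509; the function names (make_keypair, issue_certificate, verify_certificate, and so on) and the SubjectAltName values are constructed for this example.

```python
import copy
import hashlib
import json
import math

# --- Toy RSA: tiny primes and no padding, for illustration only ---------------

def is_prime(n):
    """Trial division; adequate for the ~10**6-sized primes used here."""
    if n < 2:
        return False
    for k in range(2, math.isqrt(n) + 1):
        if n % k == 0:
            return False
    return True

def next_prime(n):
    """Smallest prime strictly greater than n."""
    n += 1
    while not is_prime(n):
        n += 1
    return n

def make_keypair(seed, e=65537):
    """Return (public, private) as ((n, e), (n, d)), built from two primes above seed."""
    p = next_prime(seed)
    q = next_prime(p)                      # second, distinct prime
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e shares a factor with phi; choose another seed")
    d = pow(e, -1, phi)                    # private exponent: modular inverse of e
    return (n, e), (n, d)

def rsa_public_op(pub, m):
    """Public-key operation: encryption, or the verification side of a signature."""
    n, e = pub
    return pow(m, e, n)

def rsa_private_op(priv, c):
    """Private-key operation: decryption, or the signing side of a signature."""
    n, d = priv
    return pow(c, d, n)

def digest_int(data, n):
    """Hash the data, then reduce into the RSA range (toy stand-in for PKCS#1 encoding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return rsa_private_op(priv, digest_int(data, priv[0]))

def verify(pub, data, signature):
    return rsa_public_op(pub, signature) == digest_int(data, pub[0])

# --- Toy certificate carrying the Table A-1 fields ---------------------------

def tbs_bytes(tbs):
    """Canonical encoding of the to-be-signed fields (JSON here; DER in X.509)."""
    return json.dumps(tbs, sort_keys=True, separators=(",", ":")).encode()

def issue_certificate(ca_priv, subject_pub):
    tbs = {
        "subject_dn": "cn=Bob Smith, o=ACME, c=US",
        "serial": 8391037,
        "not_before": "1997-01-05 01:02",
        "not_after": "1998-07-05 01:02",
        "crl_dn": "cn=CRL2, o=ACME, c=US",
        "subject_alt_name": ["DNS:bob.acme.example", "email:bob@acme.example"],  # constructed values
        "public_key": {"n": subject_pub[0], "e": subject_pub[1]},
        "issuer_dn": "o=ACME, c=US",
    }
    return {"tbs": tbs, "signature": sign(ca_priv, tbs_bytes(tbs))}

def verify_certificate(cert, ca_pub):
    return verify(ca_pub, tbs_bytes(cert["tbs"]), cert["signature"])

def demo():
    ca_pub, ca_priv = make_keypair(10**6)
    bob_pub, bob_priv = make_keypair(2 * 10**6)
    cert = issue_certificate(ca_priv, bob_pub)
    ok = verify_certificate(cert, ca_pub)
    tampered = copy.deepcopy(cert)
    tampered["tbs"]["serial"] += 1         # a third party edits the signed record
    tampered_ok = verify_certificate(tampered, ca_pub)
    # Confidentiality direction: encrypt to Bob's public key; only his private key decrypts.
    m = int.from_bytes(b"hi", "big")
    roundtrip = rsa_private_op(bob_priv, rsa_public_op(bob_pub, m)) == m
    return ok, tampered_ok, roundtrip

if __name__ == "__main__":
    print(demo())                          # (True, False, True)
```

Running the module prints (True, False, True): the genuine certificate verifies, the altered one fails because the CA's signature no longer matches the hash of the record, and data encrypted with Bob's public key comes back only through his private key.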