Dialogic Dialogic Global Call IP IP Phone User Manual


 
Dialogic Corporation
A private key is used to decipher the information encrypted by the public key in the certificate. An
example of a private key in PEM format is shown below.
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
A Certificate Authority (CA) authorizes certificates by signing the contents using its private key.
Certificate Authorities are well-known authorities whose signatures are known and trusted. By
signing other certificates, they act as a digital notary. A number of commercial CAs are available,
such as VeriSign and Thawte, and there are also some free CAs, such as www.cacert.org. For test
purposes, or for a case where the links to be secured will be local calls that use the local CA, it is
also possible for a system to install its own CA, using OpenSSL for example.
It often occurs that a client will not accept a certificate supplied by a server because the certificate
is signed by an intermediate CA which is not known to the client. The client typically states that the
validity of the certificate cannot be verified. In such cases, a chained SSL certificate or certificate
group may allow the client to accept the server’s certificate by connecting it back to a CA that is
known and trusted by the client.
A certificate chain is a sequence of certificates, where each certificate in the chain is signed by the
subsequent certificate. The purpose of a certificate chain is to establish a chain of trust from a peer
certificate to a trusted Certification Authority (CA) certificate. The CA vouches for the identity in
the peer certificate by signing it. If the CA is one that you trust (indicated by the presence of a copy
of the CA certificate in your root certificate directory), this implies you can trust the signed peer
certificate as well.
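The chain of trust described above, built and checked with OpenSSL. This is an added example, not part of the manual: a self-signed root signs an intermediate CA, which signs the server certificate, and the client-side check is run with and without the intermediate. The file names follow the manual's root.pem, serverCA.pem and server.pem; the subject names, key size, validity period and helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not taken from the manual. Subject names and the working
# directory are constructed; file names follow the manual's three certificates.

# issue DIR NAME SUBJECT EXTFILE [SIGNER SERIAL]
# Creates NAME.key and NAME.pem in DIR. With no SIGNER the certificate is
# self-signed (the root); otherwise it is signed with SIGNER's private key.
issue() {
    d=$1; name=$2; subj=$3; ext=$4; signer=$5; serial=$6
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
    if [ -z "$signer" ]; then
        set -- -signkey "$d/$name.key"
    else
        set -- -CA "$d/$signer.pem" -CAkey "$d/$signer.key" -set_serial "$serial"
    fi
    openssl x509 -req -in "$d/$name.csr" "$@" -extfile "$d/$ext" \
        -sha256 -days 30 -out "$d/$name.pem" 2>/dev/null
}

# build_chain DIR: root.pem signs serverCA.pem, serverCA.pem signs server.pem.
build_chain() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
    printf 'basicConstraints=critical,CA:FALSE\n' > "$1/leaf.ext"
    issue "$1" root     "/CN=Example Root CA"     ca.ext &&
    issue "$1" serverCA "/CN=Example Server CA"   ca.ext   root     2 &&
    issue "$1" server   "/CN=server.example.test" leaf.ext serverCA 3
}

# Client that trusts only the root and is handed only the server certificate.
# Expected to fail: the issuer (serverCA) is unknown to the client.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/server.pem" >/dev/null 2>&1
}

# Same client, but the server also supplies the intermediate (a chained
# certificate). -untrusted marks it as peer-supplied, not as a trust anchor.
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/serverCA.pem" \
        "$1/server.pem" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    build_chain "$dir" || { rm -rf "$dir"; return 1; }
    if verify_leaf_only "$dir"; then echo "leaf only: accepted"; else echo "leaf only: rejected"; fi
    if verify_with_chain "$dir"; then echo "with chain: accepted"; else echo "with chain: rejected"; fi
    rm -rf "$dir"
}
demo
```

The intermediate is accepted only because its signature leads back to root.pem; passing it with -untrusted does not make it a trust anchor.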
To illustrate a certificate chain, we show three fictional example certificates: root.pem,
serverCA.pem and server.pem.
First, the root.pem certificate. Note that the certificate is self-signed and X509v3 Basic Constraints
shows CA:TRUE.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10 (0xa)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=New Jersey, O=dialgic.com, CN=hmfu-rootCA.dialogic.com/emailAddress=h.fu@dialogic.com
Validity
Not Before: Nov 21 17:36:28 2005 GMT
Not After : Nov 21 17:36:28 2006 GMT
Subject: C=US, ST=New Jersey, O=dialogic.com, CN=hmfu-rootCA.dialogic.com/emailAddress=h.fu@dialogic.com
Subject Public Key Info: