Skip to content

PKI

links: SPA TOC - Certificates and PKI - Index

This topic was already handled in AC2 - Public Key Infrastructure. This document adds some redundancy but summarizes the talking points discussed in the module SPA.

PKI Components

  • Certificate Authority (CA)
  • Registration Authority (RA)
  • Validation Authority (VA)
  • End Entity (EE)
  • Repository

PKI Architecture

PKI-Overview.png

pki-architecture.png

Certificate Request (PKCS#10)

certificate-request.png

openssl req -in newreq.pem -text

Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = CH, ST = Bern, L = Bern, O = BFH, OU = Informatics, CN = client01.n025.nslab.ch
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a1:cb:f0:ef:cf:aa:dc:86:f5:
                    ...
                Exponent: 65537 (0x10001)
            Attributes:
                (none)
                Requested Extensions:
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        11:81:c3:64:19:22:bf:bb:10:5b:
        ...

How a certificate is created

certificate-creation.png

links: SPA TOC - Certificates and PKI - Index