[Q] How to get the CA's certificate from a given DN?
[Q] How to get the CA's certificate from a given public key?
[try]
C#,
X509Chain xChain;
X509Certificate2 cert;
...
xChain.Build(cert);
...
X509ChainElement
...
[ref]
X509Chain,
http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509chain.aspx
online certificate chain check,
http://forums.asp.net/t/1149495.aspx
//===
- certificate chain = certificate path
- DN= Distinguished Name
- CN= Common Name
//=== Digital certificate (or Certificate for short)
Digital certificates are used to authenticate an entity( a person, an organization, a company, ...) by "a chain of trust" .
The chain is formed topdown?, with a root authority(RA) at the top.
To view any certificate's chain,
- trigger MMC snap-in by double-clicking a certificate,
- then click the Certificate Path tab.
//===
The root authority certificate at the top of a certificate chain is self-issued.
//=== Distinguished Name (DN) uniquely identifies an entity in an X.509 certificate.
Attribute types in DN:
- CN: Common Name
- T : Title
- O : Organization name
- OU : Organizational Unit name
- L : Locality name
- ST (or SP or S) : State or Province name
- C : Country
//=== Digital certificate (Certificate for short)
A digital certificate contain at least the following information
- The owner's public key
- The owner's Distinguished Name (Owner's DN)
- The Distinguished Name of the CA that is issuing the certificate (issuer's DN)
- The date from which the certificate is valid (Valid From)
- The expiry date of the certificate (Valid To)
- A version number
- A serial number (SN)
[ref]
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzahu/rzahudistname.htm
http://java.sun.com/j2se/1.5.0/docs/guide/security/cert3.html
http://www.iona.com/support/docs/orbix2000/2.0/tls/html/OpenSSL4.html
沒有留言:
張貼留言