It is basically a human-readable expression of the data that's in the certificate. Theoretically, the certificate could be regenerated from the data in this expression, but I've never seen an implementation that makes it possible.
This certificate is in violation of PKIX because its serial number is not a positive integer, by the way. -Kyle H On Wed, Jun 17, 2009 at 10:50 AM, Satish Chandra Kilaru<iam.kil...@gmail.com> wrote: > Hi > > In the following sample certificate, there is a tun of information > before --BEGIN CERTIFICATE--. > Who is this for? Is it for a human reader to make sense of who/what > this certificate is certifying? If it is for a s/w program that uses > certificates, how is this information supposed to be used? > > Thanks in advance. > > --Satish > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 0 (0x0) > Signature Algorithm: sha1WithRSAEncryption > Issuer: C=US, ST=NJ, O=CVLT, OU=dev, CN=****/emailaddress=*...@****.com > Validity > Not Before: May 1 01:07:24 2009 GMT > Not After : Apr 30 01:07:24 2012 GMT > Subject: C=US, ST=NJ, O=CVLT, OU=dev, > CN=****/emailaddress=*...@****.com > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > Modulus (1024 bit): > 00:a6:d9:82:67:67:8c:70:c7:4b:5f:d0:e3:24:2d: > ee:b3:79:ad:85:73:03:64:f2:64:fc:e6:a4:fd:b8: > 43:23:b2:a4:15:31:d5:ed:01:0d:c7:14:8b:a7:c2: > e6:b5:3a:8a:df:99:de:b9:ac:d9:6f:c6:6d:91:bd: > 43:d5:11:a5:bb:e4:9d:ae:99:a6:53:1f:44:9d:0d: > 8e:4d:46:32:9e:0b:a8:ce:37:54:7f:ae:cc:35:3d: > b7:6e:64:54:25:9c:63:8c:b2:d8:3a:92:ce:b4:57: > ca:08:cb:ef:ca:2c:20:59:79:a7:35:1c:85:ba:32: > b3:9f:38:72:37:76:34:e0:05 > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Basic Constraints: > CA:FALSE > Netscape Comment: > OpenSSL Generated Certificate > X509v3 Subject Key Identifier: > 09:89:A7:7B:66:C3:58:4D:4C:C5:80:C0:42:91:04:D2:67:04:C8:A1 > X509v3 Authority Key Identifier: > > keyid:09:89:A7:7B:66:C3:58:4D:4C:C5:80:C0:42:91:04:D2:67:04:C8:A1 > > Signature Algorithm: sha1WithRSAEncryption > 0f:76:38:a8:d3:e6:a4:59:3f:ad:bd:60:69:c2:20:88:f0:20: > 74:ca:55:ae:d3:f0:f7:e9:a6:68:16:7e:b2:b4:e0:c5:45:5b: > b4:94:60:a6:83:20:95:4c:72:04:80:93:4a:6b:64:20:ad:74: > c4:1d:da:31:fd:37:92:d4:d8:46:a1:95:fc:4c:fc:85:6d:4f: > 56:18:0a:46:04:b5:98:5a:e0:64:4c:90:48:ff:9e:c0:92:0e: > 0c:c4:ba:85:c9:56:d7:4e:a5:9f:16:e2:76:4c:24:b6:c6:b6: > 2c:ef:63:f3:50:3f:90:12:57:8a:af:2f:21:93:e4:c8:aa:e7: > ef:a9 > -----BEGIN CERTIFICATE----- > MIICzTCCAjagAwIBAgIBADANBgkqhkiG9w0BAQUFADBuMQswCQYDVQQGEwJVUzEL > MAkGA1UECBMCTkoxDTALBgNVBAoTBENWTFQxDDAKBgNVBAsTA2RldjEPMA0GA1UE > AxMGc2F0aXNoMSQwIgYJKoZIhvcNAQkBFhVza2lsYXJ1QGNvbW12YXVsdC5jb20w > HhcNMDkwNTAxMDEwNzI0WhcNMTIwNDMwMDEwNzI0WjBuMQswCQYDVQQGEwJVUzEL > MAkGA1UECBMCTkoxDTALBgNVBAoTBENWTFQxDDAKBgNVBAsTA2RldjEPMA0GA1UE > AxMGc2F0aXNoMSQwIgYJKoZIhvcNAQkBFhVza2lsYXJ1QGNvbW12YXVsdC5jb20w > gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKbZgmdnjHDHS1/Q4yQt7rN5rYVz > plMfRJ0Njk1GMp4LqM43VH+uzDU9t25kVCWcY4yy2DqSzrRXygjL78osIFl5pzUc > hboys584cjd2NOAFAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W > HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQJiad7ZsNY > TUzFgMBCkQTSZwTIoTAfBgNVHSMEGDAWgBQJiad7ZsNYTUzFgMBCkQTSZwTIoTAN > BgkqhkiG9w0BAQUFAAOBgQAPdjio0+akWT+tvWBpwiCI8CB0ylWu0/D36aZoFn6y > tODFRVu0lGCmgyCVTHIEgJNKa2QgrXTEHdox/TeS1NhGoZX8TPyFbU9WGApGBLWY > WuBkTJBI/57Akg4MxLqFyVbXTqWfFuJ2TCS2xrYs72PzUD+QEleKry8hk+TIqufv > qQ== > -----END CERTIFICATE----- > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
