Friday, October 28, 2016

A quick and sure to know if a SSL certificate is a used as a CertAuthority

Under the x509 v3 we have special attributes  for indicating the purpose of a certificate and if it's "CA".

By using the openssl x509  we can review what's the certificate  type and if it's a CA certificate.


Take this certificate  chain where we have  two certificats  and we want to find out which one is a CA certificate from a  usage standpoint




Notice the CA: TRUE vrs the CA:FALSE if the former is set, then that's a indication it top of the chain and as  a rootCA  or intermediate certificate.

Take this Entrust Chain where we have a root, plus 2 intermediate certificates and finally the server

( I'm showing the  CA: flags for the root and intermediates outputs  truncated  )


















( now at the end of the  chain we have the server certificate, notice the CA:FALSE )







So you have a few means for validate the certificate and it's usage.

Ken

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \



1 comment:

  1. If you want your ex-girlfriend or ex-boyfriend to come crawling back to you on their knees (even if they're dating somebody else now) you gotta watch this video
    right away...

    (VIDEO) Get your ex back with TEXT messages?

    ReplyDelete