X.509及X.509证书
X.509 是由国际电信联盟(ITU-T)制定的数字证书标准,而基于X.509标准制定的X.509证书则是公钥基础设施(PKI)的核心组成部分,主要用于互联网安全通信和身份认证,最常见的例子比如网站访问,移动App, 电子文档,邮件传输等都有它的影子,它也是HTTPS协议的基础。
证书结构
X.509证书采用ASN.1编码格式用于结构描述,主要包含四层结构:1)证书主体,2) 签名算法,3) 签名值,4)扩展。
Certificate
├── Version
├── Serial Number
├── Signature Algorithm
├── Issuer
├── Validity Period
├── Subject
├── Subject Public Key Info
└── Extensions (v3关键)
├── Key Usage
├── Extended Key Usage
├── Subject Alternative Name
├── Basic Constraints
└── CRL Distribution Points
版本号 Version :标识证书格式版本(v1/v2/v3),目前基本上都是v3, 支持扩展字段。
序列号 Serial Number :由CA分配的唯一标识符,是一个十六进制值,用于区分同一CA颁发的证书及吊销列表(CRL)追踪。
签名算法 Signature Algorithm :CA对证书签名使用的哈希算法和签名算法的组合标识(如SHA256WithRSA)。
颁发者 Issuer :签发证书的CA的DN(Distinguished Name)。
有效期 Validity:由下面的两个UTC时间戳界定,精确到秒,过期后证书失效。
- 生效时间(Not Before)
- 失效时间(Not After)
主体 Subject :证书持有者的DN或SAN(Subject Alternative Name), 如个人或组织。
主体公钥信息 Subject Public Key Info :包含公钥算法(RSA/ECC)及公钥值。
扩展字段 Extensions(v3):支持密钥用法、SAN等高级功能。
- 密钥用法(Key Usage):限制证书用途,如digitalSignature(签名)、keyEncipherment(加密),增强安全性,避免签名证书被误用于加密。
- 扩展密钥用法(Extended Key Usage):细化用途,如serverAuth(用于TLS服务端验证)、clientAuth(用于TLS客户端验证)。
- 基本约束(Basic Constraints):标识证书是否为CA证书(CA:TRUE/FALSE),通常为False,不可以生成子证书,路径长度限制(pathlen)控制中间CA的层级。
- 证书策略(Certificate Policies):声明CA的合规标准(如EV证书)。
- 主体备用名称(Subject Alternative Name):允许证书绑定多个域名(如www.example.com、example.com),替代传统CN字段。 现代浏览器强制要求SAN字段,否则触发警告。
- CRL分发点(CRL Distribution Points): 提供吊销列表的下载URL,支持离线验证证书状态。
- OCSP装订(OCSP Stapling):减少实时OCSP查询延迟。
签名值 Signature Value:CA对证书所有内容进行哈希后的值进行加密的结果。
常见文件格式
PEM(Privacy-Enhanced Mail) :(.pem, .cer, .crt, .key)
Base64 编码的文本格式
以 -----BEGIN CERTIFICATE----- 开头,
以 -----END CERTIFICATE----- 结尾,
最常用,用于配置文件中。常见于Apache, Nginx, OpenSSL.
DER(Distinguished Encoding Rules) :(.der, .cer, .crt)
是ASN.1编码的二进制格式,不可读但便于存储和传输。常见于Java, Windows, Linux。
PKCS#7 :(.p7b, .p7c)
可二进制也可Base64,证书链格式,包含证书链信息,但不包含私钥,常用于证书分发, 如Windows和Java环境中传递证书链。
PKCS#10 :(.csr, .p10)
证书签名请求(CSR)的标准格式,包含公钥和申请者信息。常用于向CA申请证书时提交的文件。
PKCS#12 :(.pfx, .p12)
二进制格式,证书中含有私钥及中间 CA 证书,常用于加密存储。通常有密码保护。常见JAVA Keystore
JKS : (.jks)
Java专用的密钥库格式,可存储证书和私钥。常见Java应用程序(如Tomcat)。
举例详解
X.509可以用于多种场景,这里以HTTPS证书为例,访问百度网站,下载PEM单证书文件(不含证书链)baidu-com.pem。
使用如下命令将PEM格式解析为ASN.1结构:
bash
openssl x509 -in baidu-com.pem -text -noout显示如下证书的ASN.1结构信息。
bash
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:53:59:7b:3f:31:1d:38:e6:62:95:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
Validity
Not Before: Jul 9 07:01:02 2025 GMT
Not After : Aug 10 07:01:01 2026 GMT
Subject: C = CN, ST = beijing, L = beijing, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:96:ea:ce:20:7d:13:38:20:7c:8c:33:b1:8c:
79:7e:73:4d:b0:a4:a6:7a:97:7c:29:9d:47:c9:37:
e0:fd:e9:8c:35:ce:a1:a2:e1:89:57:3b:2b:5e:71:
82:50:61:53:48:5d:ac:f9:00:ca:58:09:30:5f:7d:
ca:bd:3c:7c:43:88:b2:47:a8:9d:7c:da:93:01:22:
9e:65:d4:e0:4b:59:6d:49:75:25:1f:80:c2:0e:5a:
8e:2d:b5:d1:26:ad:34:90:04:a3:55:e9:4c:76:8d:
18:6b:b9:5c:d3:21:a0:8c:70:b0:8e:45:b9:6c:5f:
f9:35:85:16:92:7d:46:18:3c:85:88:07:c4:46:4d:
09:52:2f:99:b9:c3:ae:16:96:b0:7c:a5:9b:85:0e:
6a:b2:b4:f5:61:62:f7:c4:2a:b3:b1:df:a1:82:41:
29:0a:8d:8c:fc:5e:b5:e6:d9:cf:fd:f7:59:32:1a:
b1:fa:a2:b2:9e:58:77:c0:fa:7b:2b:0e:aa:2c:17:
4f:25:8b:b6:b7:bc:ba:71:56:98:f0:6b:a0:bf:ce:
f5:47:9b:52:fe:db:fd:d6:13:95:76:3f:a9:c4:c7:
27:79:c1:eb:66:6d:93:0f:23:6d:a7:f1:ca:ec:9e:
79:d7:db:48:f8:ac:ac:0f:ac:46:e1:43:bf:80:e0:
b1:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
Authority Information Access:
CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.4146.1.20
CPS: https://www.globalsign.com/repository/
Policy: 2.23.140.1.2.2
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.globalsign.com/gsrsaovsslca2018.crl
X509v3 Subject Alternative Name:
DNS:baidu.com, DNS:baifubao.com, DNS:www.baidu.cn, DNS:www.baidu.com.cn, DNS:mct.y.nuomi.com, DNS:apollo.auto, DNS:dwz.cn, DNS:*.baidu.com, DNS:*.baifubao.com, DNS:*.baidustatic.com, DNS:*.bdstatic.com, DNS:*.bdimg.com, DNS:*.hao123.com, DNS:*.nuomi.com, DNS:*.chuanke.com, DNS:*.trustgo.com, DNS:*.bce.baidu.com, DNS:*.eyun.baidu.com, DNS:*.map.baidu.com, DNS:*.mbd.baidu.com, DNS:*.fanyi.baidu.com, DNS:*.baidubce.com, DNS:*.mipcdn.com, DNS:*.news.baidu.com, DNS:*.baidupcs.com, DNS:*.aipage.com, DNS:*.aipage.cn, DNS:*.bcehost.com, DNS:*.safe.baidu.com, DNS:*.im.baidu.com, DNS:*.baiducontent.com, DNS:*.dlnel.com, DNS:*.dlnel.org, DNS:*.dueros.baidu.com, DNS:*.su.baidu.com, DNS:*.91.com, DNS:*.hao123.baidu.com, DNS:*.apollo.auto, DNS:*.xueshu.baidu.com, DNS:*.bj.baidubce.com, DNS:*.gz.baidubce.com, DNS:*.smartapps.cn, DNS:*.bdtjrcv.com, DNS:*.hao222.com, DNS:*.haokan.com, DNS:*.pae.baidu.com, DNS:*.vd.bdstatic.com, DNS:*.cloud.baidu.com, DNS:click.hm.baidu.com, DNS:log.hm.baidu.com, DNS:cm.pos.baidu.com, DNS:wn.pos.baidu.com, DNS:update.pan.baidu.com
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Authority Key Identifier:
keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
X509v3 Subject Key Identifier:
BA:91:7C:55:A9:8F:1F:B0:02:60:27:BB:D7:D3:03:AF:2D:AB:AD:1D
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AC:AB:30:70:6C:EB:EC:84:31:F4:13:D2:F4:91:5F:11:
1E:42:24:43:B1:F2:A6:8C:4F:3C:2B:3B:A7:1E:02:C3
Timestamp : Jul 9 07:01:09.629 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:35:DB:47:71:C6:0E:36:D4:9E:87:46:9D:
8D:5C:1D:19:7F:A9:53:C0:1A:8F:16:2D:C2:03:2B:71:
0B:C6:1D:53:02:20:22:0E:91:A8:C5:87:93:93:D6:48:
35:F5:24:7B:F6:F5:FF:3D:56:F3:9D:DB:4C:72:86:2D:
4A:AD:77:45:52:CF
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CB:38:F7:15:89:7C:84:A1:44:5F:5B:C1:DD:FB:C9:6E:
F2:9A:59:CD:47:0A:69:05:85:B0:CB:14:C3:14:58:E7
Timestamp : Jul 9 07:01:09.640 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:BC:C9:FA:F8:1A:19:CB:22:CF:BF:6D:
A3:22:F6:A7:36:7B:C5:35:A1:A5:F7:AD:23:B8:59:2D:
8B:97:09:68:E3:02:21:00:AB:19:F4:52:A5:FB:57:80:
2C:64:F1:A9:5F:EE:77:DA:7C:97:78:37:85:8B:0D:41:
CC:85:80:3C:2E:71:5B:81
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : D7:6D:7D:10:D1:A7:F5:77:C2:C7:E9:5F:D7:00:BF:F9:
82:C9:33:5A:65:E1:D0:B3:01:73:17:C0:C8:C5:69:77
Timestamp : Jul 9 07:01:09.600 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:1E:5F:24:19:17:79:DD:66:DA:B1:09:B7:
11:9F:DA:3C:49:A5:21:7B:10:1E:FF:7C:8F:E8:12:0B:
45:FE:38:AA:02:21:00:B7:97:A9:BD:A2:27:A1:08:79:
42:B5:18:DE:4E:76:C1:1D:0D:35:AC:F5:32:3B:05:7C:
9D:8C:4C:87:77:A8:0C
Signature Algorithm: sha256WithRSAEncryption
02:3c:79:db:06:cf:e8:0d:96:df:89:47:29:3e:8a:d2:2f:d3:
a2:b4:1d:ae:c9:9a:ae:e8:1d:b3:d6:51:de:3b:70:7e:55:89:
6d:01:ae:f8:eb:8a:76:f0:55:fe:72:43:a3:e0:38:ce:a7:06:
ac:97:8e:ab:b7:af:87:c5:23:51:83:2c:1d:a4:c2:43:ad:e0:
ed:9f:7d:93:5e:1d:27:51:26:32:c6:fa:69:62:bb:cf:a6:5f:
4e:89:67:45:43:e5:05:c7:af:ec:6e:ac:22:5b:20:61:29:9b:
19:ad:c6:0d:4f:c7:f4:5f:77:2f:b9:a8:2a:36:4d:b3:75:5b:
b1:7d:a5:71:b6:65:ae:bb:e4:7a:fe:87:b0:33:0f:4e:2b:a6:
98:86:5c:15:d6:f5:0c:fe:6e:b1:28:80:37:ac:f4:89:ce:21:
a9:37:61:90:75:b7:c6:d9:67:42:53:69:49:ce:6d:55:94:2e:
07:54:18:59:75:30:b5:cc:59:57:25:5b:fc:f7:af:cf:1e:eb:
ec:82:d5:53:d0:60:cc:1e:7a:bb:d2:59:72:f0:94:c6:fe:d8:
e1:c1:78:5d:c7:f4:85:25:a4:61:34:57:32:b1:fc:f6:4c:6c:
df:1b:8d:0d:0b:b5:ef:1f:8c:58:c0:61:e3:f9:c6:c2:c6:07:
5b:f1:c2:20逐字段解析:
1. 证书主体信息及算法:
- 版本 Version: 3 (0x2)
表示这是X.509第三版证书,支持扩展字段。 - 序列号 Serial Number:
57:53:59:7b:3f:31:1d:38:e6:62:95:29
用于标识CA颁发的唯一的十六进制编号。 - 签名算法标识 Signature Algorithm: sha256WithRSAEncryption
表示使用SHA-256生成哈希,再用RSA私钥加密(签名)。 - 颁发者DN Issuer: C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
表示颁发者信息,C=Country 国家代码(ISO 3166-1), O=Orgnization 颁发机构组织, CN=Common Name 颁发者通用名(CA名称)。 - 有效期 Validity
Not Before: Jul 9 07:01:02 2025 GMT
Not After : Aug 10 07:01:01 2026 GMT
Not Before:证书开始生效的时间UTC, Not After: 证书过期的时间。 - 主体 Subject: C = CN, ST = beijing, L = beijing, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
ST=州/省,L=城市,CN曾经是主要域名,现在更多使用Subject Alternative Name扩展。 - 主体公钥信息 Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:96:ea:ce:20:7d:13:38:20:7c:8c:33:b1:8c:
79:7e:73:4d:b0:a4:a6:7a:97:7c:29:9d:47:c9:37:
e0:fd:e9:8c:35:ce:a1:a2:e1:89:57:3b:2b:5e:71:
82:50:61:53:48:5d:ac:f9:00:ca:58:09:30:5f:7d:
ca:bd:3c:7c:43:88:b2:47:a8:9d:7c:da:93:01:22:
9e:65:d4:e0:4b:59:6d:49:75:25:1f:80:c2:0e:5a:
8e:2d:b5:d1:26:ad:34:90:04:a3:55:e9:4c:76:8d:
18:6b:b9:5c:d3:21:a0:8c:70:b0:8e:45:b9:6c:5f:
f9:35:85:16:92:7d:46:18:3c:85:88:07:c4:46:4d:
09:52:2f:99:b9:c3:ae:16:96:b0:7c:a5:9b:85:0e:
6a:b2:b4:f5:61:62:f7:c4:2a:b3:b1:df:a1:82:41:
29:0a:8d:8c:fc:5e:b5:e6:d9:cf:fd:f7:59:32:1a:
b1:fa:a2:b2:9e:58:77:c0:fa:7b:2b:0e:aa:2c:17:
4f:25:8b:b6:b7:bc:ba:71:56:98:f0:6b:a0:bf:ce:
f5:47:9b:52:fe:db:fd:d6:13:95:76:3f:a9:c4:c7:
27:79:c1:eb:66:6d:93:0f:23:6d:a7:f1:ca:ec:9e:
79:d7:db:48:f8:ac:ac:0f:ac:46:e1:43:bf:80:e0:
b1:8b
Exponent: 65537 (0x10001)
表示算法使用的是RSA,密钥长度是2048位(当前的标准),Modules表示模数(n),RSA公钥的一部分,大素数乘积,Exponent表示指数(e): 通常是65537 (0x10001),质数且小,计算效率高。
2. v3扩展部分(核心):
X509v3 extensions:
- 密钥用法 X509v3 Key Usage: critical
Digital Signature, Key Encipherment
定义公钥的用途, critical表示是关键扩展,不支持此扩展的客户端必须拒绝证书。Digital Signature: 可用于数字签名(TLS握手),Key Encipherment: 可用于加密密钥(TLS密钥交换),其他可能值:Certificate Signing, CRL Signing等,共9种标志位,限制密钥使用场景。 - 基本约束 X509v3 Basic Constraints: critical
CA:FALSE
表明此证书不能作为CA证书(不能颁发子证书),如果是CA证书,则为:CA:TRUE, pathlen:0(可颁发下级证书,深度限制) - 认证信息访问 Authority Information Access:
CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
CA Issuers: 中间CA证书下载地址,用于构建证书链,OCSP URI: 在线证书状态协议响应地址(实时吊销检查).现代浏览器会使用这些信息自动获取中间证书. - 证书策略 X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.4146.1.20
CPS: https://www.globalsign.com/repository/
Policy: 2.23.140.1.2.2
2.23.140.1.2.2: CA/Browser Forum的OV(组织验证)策略OID,CPS: 认证实践声明URL,说明CA的验证流程和安全控制。对于EV证书,会有特定OID如2.23.140.1.1(扩展验证)。 - CRL分发点 X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.globalsign.com/gsrsaovsslca2018.crl
证书吊销列表(CRL)的下载地址,客户端可在此检查证书是否被吊销,通常提供多个URL确保可用性。 - 主体备用名称 X509v3 Subject Alternative Name:
DNS:baidu.com, DNS:baifubao.com, DNS:www.baidu.cn, DNS:www.baidu.com.cn, DNS:mct.y.nuomi.com, DNS:apollo.auto, DNS:dwz.cn, DNS:.baidu.com, DNS: .baifubao.com, DNS:.baidustatic.com, DNS: .bdstatic.com, DNS:.bdimg.com, DNS: .hao123.com, DNS:.nuomi.com, DNS: .chuanke.com, DNS:.trustgo.com, DNS: .bce.baidu.com, DNS:.eyun.baidu.com, DNS: .map.baidu.com, DNS:.mbd.baidu.com, DNS: .fanyi.baidu.com, DNS:.baidubce.com, DNS: .mipcdn.com, DNS:.news.baidu.com, DNS: .baidupcs.com, DNS:.aipage.com, DNS: .aipage.cn, DNS:.bcehost.com, DNS: .safe.baidu.com, DNS:.im.baidu.com, DNS: .baiducontent.com, DNS:.dlnel.com, DNS: .dlnel.org, DNS:.dueros.baidu.com, DNS: .su.baidu.com, DNS:.91.com, DNS: .hao123.baidu.com, DNS:.apollo.auto, DNS: .xueshu.baidu.com, DNS:.bj.baidubce.com, DNS: .gz.baidubce.com, DNS:.smartapps.cn, DNS: .bdtjrcv.com, DNS:.hao222.com, DNS: .haokan.com, DNS:.pae.baidu.com, DNS: .vd.bdstatic.com, DNS:.cloud.baidu.com, DNS:click.hm.baidu.com, DNS:log.hm.baidu.com, DNS:cm.pos.baidu.com, DNS:wn.pos.baidu.com, DNS:update.pan.baidu.com
最重要的SSL证书扩展,列出证书有效的所有域名(替代或补充CN字段),支持通配符(),一个证书可包含上百个域名(SAN证书/UCC证书),也支持IP地址、电子邮件等格式。 - 扩展密钥用法 X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
更具体的用途声明:TLS Web Server Authentication (OID: 1.3.6.1.5.5.7.3.1): 用于服务器身份验证,TLS Web Client Authentication (OID: 1.3.6.1.5.5.7.3.2): 也允许客户端身份验证,其他常见值:Code Signing, Email Protection, Time Stamping。 - 授权密钥标识符 X509v3 Authority Key Identifier: keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
颁发者公钥的标识符(对应颁发CA的Subject Key Identifier),用于建立证书链关系。 - 主体密钥标识符 X509v3 Subject Key Identifier: BA:91:7C:55:A9:8F:1F:B0:02:60:27:BB:D7:D3:03:AF:2D:AB:AD:1D
本证书公钥的哈希值(通常是SHA-1),用于快速标识特定密钥。 - 预证书的SCT列表 CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AC:AB:30:70:6C:EB:EC:84:31:F4:13:D2:F4:91:5F:11:
1E:42:24:43:B1:F2:A6:8C:4F:3C:2B:3B:A7:1E:02:C3
Timestamp : Jul 9 07:01:09.629 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:35:DB:47:71:C6:0E:36:D4:9E:87:46:9D:
8D:5C:1D:19:7F:A9:53:C0:1A:8F:16:2D:C2:03:2B:71:
0B:C6:1D:53:02:20:22:0E:91:A8:C5:87:93:93:D6:48:
35:F5:24:7B:F6:F5:FF:3D:56:F3:9D:DB:4C:72:86:2D:
4A:AD:77:45:52:CF
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CB:38:F7:15:89:7C:84:A1:44:5F:5B:C1:DD:FB:C9:6E:
F2:9A:59:CD:47:0A:69:05:85:B0:CB:14:C3:14:58:E7
Timestamp : Jul 9 07:01:09.640 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:BC:C9:FA:F8:1A:19:CB:22:CF:BF:6D:
A3:22:F6:A7:36:7B:C5:35:A1:A5:F7:AD:23:B8:59:2D:
8B:97:09:68:E3:02:21:00:AB:19:F4:52:A5:FB:57:80:
2C:64:F1:A9:5F:EE:77:DA:7C:97:78:37:85:8B:0D:41:
CC:85:80:3C:2E:71:5B:81
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : D7:6D:7D:10:D1:A7:F5:77:C2:C7:E9:5F:D7:00:BF:F9:
82:C9:33:5A:65:E1:D0:B3:01:73:17:C0:C8:C5:69:77
Timestamp : Jul 9 07:01:09.600 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:1E:5F:24:19:17:79:DD:66:DA:B1:09:B7:
11:9F:DA:3C:49:A5:21:7B:10:1E:FF:7C:8F:E8:12:0B:
45:FE:38:AA:02:21:00:B7:97:A9:BD:A2:27:A1:08:79:
42:B5:18:DE:4E:76:C1:1D:0D:35:AC:F5:32:3B:05:7C:
9D:8C:4C:87:77:A8:0C
证书透明度(Certificate Transparency, CT)预证书的签名证书时间戳(Signed Certificate Timestamp, SCT)列表。这是现代证书(特别是公开信任的SSL/TLS证书)中至关重要的安全增强特性。其中包括了3个SCT,证明该证书已提交到3个CT日志服务器并获得了时间戳签名。 - 证书签名 Signature Algorithm: sha256WithRSAEncryption
02:3c:79:db:06:cf:e8:0d:96:df:89:47:29:3e:8a:d2:2f:d3:
a2:b4:1d:ae:c9:9a:ae:e8:1d:b3:d6:51🇩🇪3b:70:7e:55:89:
6d:01:ae:f8:eb:8a:76:f0:55:fe:72:43:a3:e0:38:ce:a7:06:
ac:97:8e🆎b7:af:87:c5:23:51:83:2c:1d:a4:c2:43:ad:e0:
ed:9f:7d:93:5e:1d:27:51:26:32:c6:fa:69:62:bb:cf:a6:5f:
4e:89:67:45:43:e5:05:c7:af:ec:6e:ac:22:5b:20:61:29:9b:
19:ad:c6:0d:4f:c7:f4:5f:77:2f:b9:a8:2a:36:4d:b3:75:5b:
b1:7d:a5:71:b6:65:ae:bb:e4:7a:fe:87:b0:33:0f:4e:2b:a6:
98:86:5c:15:d6:f5:0c:fe:6e:b1:28:80:37:ac:f4:89:ce:21:
a9:37:61:90:75:b7:c6:d9:67:42:53:69:49:ce:6d:55:94:2e:
07:54:18:59:75:30:b5:cc:59:57:25:5b:fc:f7:af:cf:1e:eb:
ec:82:d5:53:d0:60:cc:1e:7a:bb:d2:59:72:f0:94:c6:fe:d8:
e1:c1:78:5d:c7:f4:85:25:a4:61:34:57:32:b1:fc:f6:4c:6c:
df:1b:8d:0d:0b:b5:ef:1f:8c:58:c0:61:e3:f9:c6:c2:c6:07:
5b:f1:c2:20
首先计算证书TBSCertificate部分(To Be Signed Certificate,即签名前的所有数据)的SHA-256哈希,使用颁发者CA的私钥对该哈希进行RSA加密,得到的结果就是此签名值。如果验证的话,可以使用颁发者CA的公钥解密签名值,得到哈希H1,重新计算TBSCertificate的哈希H2,比较H1==H2,如果相等则签名有效。
证书验证流程
1. 完整性验证:使用颁发者公钥验证签名
2. 有效期检查:当前时间在Not Before和Not After之间
3. 吊销状态检查:通过OCSP或CRL查询证书是否被吊销
4. 用途检查:Key Usage和Extended Key Usage是否匹配当前用途
5. 域名验证:当前访问的域名是否在CN或SAN列表中
6. 信任链验证:
逐级向上验证,直到受信任的根证书
检查每个证书的Basic Constraints(CA标志)
使用Authority Key Identifier和Subject Key Identifier建立链接证书的几点安全实践
- SAN优先:现代TLS实现主要检查SAN扩展,CN字段已逐渐次要。
- 密钥强度:RSA至少2048位(最小安全要求,3072位用于长期安全),推荐ECC 256位,相同安全强度下密钥更短(256位ECC≈3072位RSA),性能更优,相比RSA的计算开销大和密钥长度增长影响性能。最佳实践:优先选择ECC(如ECDSA签名+ECDH密钥交换),旧系统可兼容RSA。
- 证书透明度:公开信任的证书应提交到CT日志(RFC 6962)
- OCSP装订:服务器在TLS握手时提供OCSP响应,提高隐私和性能。
- 短期证书:Let's Encrypt等CA推行90天有效期,减少吊销依赖。
让我们不断学习,保持好奇和兴趣!
Iain