Certificate Overview

Introduction

The certificates overview shows all certificates available in the database.  

Note that there are two types of certificates: 

  • Key Certificates: stored in the Key Store
  • Trust Certificates: stored in the Trust Store


This page allows you to:

  • View active (and inactive) certificates
  • Import or generate new certificates (link)
  • Export certificates
  • Remove certificates

Key Certificates vs Trust Certificates

Trust certificates can be used to establish a connection (TLS/SSL). They contain a trust chain that can be used to validate the certificate. They can also be used to encrypt a payload (using the public key). 

To import a Trust Certificate, your X.509 file needs to contain only the Public Key.

Key Certificates are certificates where the Private Key is also stored in our trust store, in addition to the Certificate. They can also be used to establish trust, but have cryptographic uses beyond that (to decrypt payloads or to sign).

To import a Key Certificate, your X.509 file needs to include a Private Key.

A Key Certificate can also be generated (i.e. a self-signed certificate).
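The distinction above can be checked on a file before it is imported. The following is an added example, not IDHub code: it assumes the X.509 file is PEM-encoded, and `classify_pem`, `SAMPLE_CERT` and `SAMPLE_KEY` are hypothetical names with constructed placeholder contents.

```python
import base64
import re

# A PEM block: -----BEGIN <label>----- body -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def classify_pem(text):
    """Return 'trust' (certificates only) or 'key' (certificate plus one
    private key); raise ValueError if the file fits neither import."""
    certs = keys = 0
    for label, body in PEM_BLOCK.findall(text):
        # Legacy encrypted keys carry "Name: value" header lines; skip them.
        payload = "".join(
            line.strip() for line in body.splitlines() if ":" not in line
        )
        if not payload:
            raise ValueError(f"empty {label} block")
        try:
            # binascii.Error is a ValueError: catches truncated copy/paste.
            base64.b64decode(payload, validate=True)
        except ValueError as exc:
            raise ValueError(f"corrupt {label} block") from exc
        if label == "CERTIFICATE":
            certs += 1
        elif label in KEY_LABELS:
            keys += 1
    if certs == 0:
        raise ValueError("no certificate found")
    if keys > 1:
        raise ValueError("more than one private key")
    return "key" if keys == 1 else "trust"


def _block(label, raw):
    body = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed placeholders: structurally PEM, but not real key material.
SAMPLE_CERT = _block("CERTIFICATE", b"constructed placeholder certificate")
SAMPLE_KEY = _block("PRIVATE KEY", b"constructed placeholder key")

if __name__ == "__main__":
    print(classify_pem(SAMPLE_CERT), classify_pem(SAMPLE_CERT + SAMPLE_KEY))
```

The check only inspects the PEM block labels and encoding; it does not confirm that the private key belongs to the certificate.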

Certificate Properties

  • Alias: Unique name given to the certificate by IDHub, to identify the certificate in other sections of the application.
  • Serial Number: Used to uniquely identify the certificate within a CA's systems. In particular this is used to track revocation information.
  • Subject: The entity a certificate belongs to: a machine, an individual, or an organization.
  • Issuer: The entity that verified the information and signed the certificate.
  • Not Before: The earliest time and date on which the certificate is valid. Usually set to a few hours or days prior to the moment the certificate was issued, to avoid clock skew problems.
  • Not After: The time and date past which the certificate is no longer valid.
  • Key Usage: The valid cryptographic uses of the certificate's public key. Common values include digital signature validation, key encipherment, and certificate signing. However, IDHub does not necessarily obey this usage property.
  • Extended Key Usage: The applications in which the certificate may be used. Common values include TLS server authentication, email protection, and code signing.
  • Public Key: A public key belonging to the certificate subject.
  • Signature Algorithm: The algorithm used to sign the public key certificate.
  • Signature: A signature of the certificate body by the issuer's private key.