The certificates overview shows all certificates available in the database.
Note that there are two types of certificates:
- Key Certificates: stored in the Key Store
- Trust Certificates: stored in the Trust Store
This page allows you to:
- View active (and inactive) certificates
- Import or generate new certificates
- Export certificates
- Remove certificates
Key Certificates vs Trust Certificates
Trust Certificates can be used to establish a connection (TLS/SSL). They contain a trust chain that can be used to validate the certificate. They can also be used to encrypt a payload (using the public key).
To import a Trust Certificate, your X.509 file should contain only the Public Key.
Key Certificates are certificates where the Private Key is also stored in our trust store, in addition to the Certificate. They can also be used to establish trust, but have cryptographic uses beyond that (to decrypt payloads or to sign).
To import a Key Certificate, your X.509 file needs to include a Private Key.
A Key Certificate can also be generated (i.e. a self-signed certificate).
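A pre-import check for the two import rules above, as an added example that is not part of IDHub: it reports whether a file fits the Key Store or the Trust Store before you upload it. It assumes the file is PEM-encoded; the function names and sample data are hypothetical.

```python
import base64
import binascii
import re

# A PEM block: matching BEGIN/END labels around a base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def pem_blocks(text):
    """Return (label, decoded_bytes) for every well-formed PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # Skip "Name: value" header lines that legacy encrypted keys carry.
        b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
        try:
            blocks.append((label, base64.b64decode(b64, validate=True)))
        except binascii.Error:
            raise ValueError(f"corrupt base64 in {label} block") from None
    return blocks


def classify_for_import(text):
    """Return 'key' if the file holds a certificate plus one private key,
    'trust' if it holds certificates only; raise ValueError otherwise."""
    labels = [label for label, _ in pem_blocks(text)]
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for label in labels if label in KEY_LABELS)
    if certs == 0:
        raise ValueError("no CERTIFICATE block found")
    if keys > 1:
        raise ValueError("more than one private key in file")
    return "key" if keys == 1 else "trust"


def _block(label, payload):
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed samples: payloads are placeholder bytes, not real DER or key material.
SAMPLE_TRUST = _block("CERTIFICATE", b"leaf") + _block("CERTIFICATE", b"issuer")
SAMPLE_KEY = _block("PRIVATE KEY", b"placeholder key") + SAMPLE_TRUST

if __name__ == "__main__":
    for name, pem in (("trust.pem", SAMPLE_TRUST), ("key.pem", SAMPLE_KEY)):
        print(name, "->", classify_for_import(pem))
```

A result of "key" for a file you meant to add as a Trust Certificate means the file carries private key material that should not leave its owner.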
- Alias: Unique name given to the certificate by IDHub, to identify the certificate in other sections of the application.
- Serial Number: Used to uniquely identify the certificate within a CA's systems. In particular this is used to track revocation information.
- Subject: The entity a certificate belongs to: a machine, an individual, or an organization.
- Issuer: The entity that verified the information and signed the certificate.
- Not Before: The earliest time and date on which the certificate is valid. Usually set to a few hours or days prior to the moment the certificate was issued, to avoid clock skew problems.
- Not After: The time and date past which the certificate is no longer valid.
- Key Usage: The valid cryptographic uses of the certificate's public key. Common values include digital signature validation, key encipherment, and certificate signing. However, IDHub does not necessarily enforce this usage property.
- Extended Key Usage: The applications in which the certificate may be used. Common values include TLS server authentication, email protection, and code signing.
- Public Key: A public key belonging to the certificate subject.
- Signature Algorithm: The algorithm used to sign the public key certificate.
- Signature: A signature of the certificate body by the issuer's private key.