Cybersecurity Computer Science Innovations, LLC


Cybersecurity

Computer Science Innovations, LLC


Certificates

Generate Public and Private Key

Sign the Public Key with a CA Private Key

Append the Cert to the Private Key


Let's See a Cert

In P12 format they are binary, but we can use OpenSSL to convert to ASCII. Here is the command:

openssl pkcs12 -in Default\ Device.p12 -out certfile2.pem -passin pass:b298b12b-3584-419d-b3c9-f6f639b5de66


Let's See a Cert Part 2

-----BEGIN ENCRYPTED PRIVATE KEY-----

MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRVkHt5ym+dYCAggA

MBQGCCqGSIb3DQMHBAglTFlPoHcELQSCAoCLMCzUhF9ezDFwTiM5jsgRJDLXcfyK

tcj6zRLc40QKu/hUjMj5kF+T52qwr …..

….

-----BEGIN CERTIFICATE-----

MIIDaDCCAlCgAwIBAgIGAUwFJmdtMA0GCSqGSIb3DQEBBQUAMHMxCzAJBgNVBAYT

AlVTMQswCQYDVQQIDAJNRDEPMA0GA1UECgwGU3RyZWl0MQ8wDQYDVQQLDAZTdHJl

aXQxJDAiBgkqhkiG


So Let's Talk About the Cert

We started with a public key and a private key.

We also started with another private key called a “Certificate Authority” private key.

We sign the public key with the Certificate Authority private key, making it a certificate.

We append the private key and the certificate to create a P12 certificate.
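
The steps above, reproduced with the openssl command line as an added example that is not part of the original slides. The file names, subject names and passwords are constructed for the demo, and `-passout` is added to the conversion command so it runs without a prompt.

```shell
#!/bin/sh
# Added example; file names, subjects and passwords are constructed.

# Build a demo CA, then follow the three steps from the slides for one device.
build_p12() {  # usage: build_p12 DIR P12_PASSWORD
    d=$1; pw=$2
    # CA: private key (ca.key, kept secret) and self-signed certificate
    # (ca.pem, the file that openssl verify is pointed at below).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Step 1: generate the device private key (the public key derives from it).
    openssl genrsa -out "$d/device.key" 2048 2>/dev/null || return 1
    # Step 2: wrap the public key in a request and sign it with the CA private key.
    openssl req -new -key "$d/device.key" -subj "/CN=Default Device" \
        -out "$d/device.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/device.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/device.pem" 2>/dev/null || return 1
    # Step 3: bundle private key and certificate into a password-protected P12.
    openssl pkcs12 -export -inkey "$d/device.key" -in "$d/device.pem" \
        -out "$d/device.p12" -passout "pass:$pw" 2>/dev/null
}

# Convert the P12 to PEM as on the slide; -passout keeps the private key
# encrypted in the output instead of prompting for a pass phrase.
p12_to_pem() {  # usage: p12_to_pem DIR P12_PASSWORD
    openssl pkcs12 -in "$1/device.p12" -out "$1/certfile2.pem" \
        -passin "pass:$2" -passout "pass:$2" 2>/dev/null
}

# Succeeds only if the certificate's signature verifies against the CA certificate.
signed_by() {  # usage: signed_by CA_PEM CERT_PEM
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if the certificate carries the public half of the private key.
key_matches_cert() {  # usage: key_matches_cert KEY_PEM CERT_PEM
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
build_p12 "$work" demo-password && p12_to_pem "$work" demo-password
grep -- '-----BEGIN' "$work/certfile2.pem"   # PEM section headers, as on the slide
signed_by "$work/ca.pem" "$work/device.pem" && echo "certificate chains to the CA"
key_matches_cert "$work/device.key" "$work/device.pem" && echo "key matches cert"
```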


How is it Used

Client: Send Cert

Server: Cert Received

And unlocked with CA Private Key

Leaving the public key

Client Sends Private Key

Server Receives the Private Key and makes sure that it is Associated with the Public Key from the Previous Step


This is 2-Way SSL

Uses asymmetric encryption

Is used as part of an identity assertion

The certificate is actually a public key / private key pair. The public key is signed with the Certificate Authority (CA) private key.


The CA

The CA is the overriding private key for 2-way SSL and cannot be given out.

It must be protected. It ends up in a truststore because the truststore is used in the 2-way SSL handshake.

Keystores are used for 1-way SSL

Truststores are used for 2-way SSL