|
|
|
To prevent web browsers from generating security dialogs while accessing servers secured by these certificates, web browsers should load the Campus Root Certificate and mark it as trusted. Documentation for doing so is also available at that link.
The Server Certificate for the cert.umd.edu server itself is presented for the sake of discussion. As with all Certificates, it can be listed using the x509 option of the OpenSSL program:
% openssl x509 -noout -text -in server.cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1802 (0x70a)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Maryland, O=University of Maryland, OU=College Park Campus, CN=UMD College Park Server Signing v1
Validity
Not Before: Aug 1 17:09:11 2006 GMT
Not After : Oct 9 17:09:11 2008 GMT
Subject: C=US, ST=Maryland, O=University of Maryland, OU=College Park Campus, CN=cert.umd.edu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:af:1d:35:3b:2f:e6:d7:ef:f3:1b:70:ad:24:ae:
d3:98:3c:90:2a:41:95:c7:9e:25:11:44:7c:d8:b3:
73:a2:17:47:c0:31:80:ce:c1:13:0f:c5:8b:5d:99:
17:70:54:4c:6e:f1:ff:d7:ce:12:e8:58:d7:fe:d9:
f9:1e:0c:04:f8:c3:c7:b0:2b:5b:26:9d:17:61:29:
55:85:56:14:88:ca:a8:f4:73:7c:2b:c7:34:1d:d2:
e1:a5:f4:44:48:fb:1d:5c:69:a8:e8:53:bf:c4:74:
73:e0:cc:4a:98:cd:cd:10:41:16:38:cb:3b:62:85:
f1:cc:92:00:54:ce:ec:c3:4d:b9:5b:a7:f8:23:07:
fd:64:ef:b3:4f:b0:16:76:ca:18:a1:bb:57:9f:38:
39:95:61:da:5d:42:5c:d0:f0:12:7c:d7:56:d5:4c:
f8:b6:21:3d:24:3b:f3:93:83:7c:12:2f:e4:09:e0:
ec:81:29:fa:4c:6a:7d:fa:ba:e4:cc:5b:27:c8:13:
7b:b5:50:b9:f4:4e:e6:52:a2:14:52:6b:a3:0d:e2:
d8:fa:b3:15:16:22:ac:11:f8:47:ed:44:9b:73:6d:
20:10:38:fa:49:06:90:22:e0:31:67:1c:54:f6:a0:
54:80:13:33:54:4b:5f:68:58:87:eb:95:39:4d:62:
e9:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
email:djc@umd.edu
X509v3 Issuer Alternative Name:
DNS:umd.edu, email:certmaster@umd.edu
X509v3 Subject Key Identifier:
0D:63:3A:CD:B3:AE:DC:73:D9:DF:F9:80:E8:38:0A:26:3F:EB:A6:E1
X509v3 Authority Key Identifier:
keyid:29:1E:19:23:3A:6A:67:60:BC:6E:5C:B0:FB:55:41:E3:23:28:3A:C5
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Netscape Cert Type:
SSL Server
Netscape Comment:
See http://cert.umd.edu/server for details.
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.4305.1.2.1
CPS: http://cert.umd.edu/certpolicy
Signature Algorithm: sha1WithRSAEncryption
95:ee:07:43:5c:ba:f2:eb:cc:86:f8:c9:1e:8e:c2:81:2f:6a:
e5:0c:08:2a:7d:d5:de:eb:d7:2f:58:bd:17:33:83:22:60:52:
87:9e:58:1a:5d:d4:b2:c3:97:e0:d5:dd:6a:d6:da:2d:d9:0f:
53:45:ac:73:04:64:d1:4b:fc:8c:c7:a6:be:b2:65:6e:01:2b:
69:31:82:ef:17:75:e7:6d:0b:3f:2f:1a:e7:60:fa:5f:52:2d:
dc:18:c8:5a:ea:10:92:a5:a9:f7:55:11:64:65:a6:45:3e:b2:
a1:d4:38:62:21:ba:b2:3a:d3:1a:84:84:7a:85:ce:7e:b9:12:
17:cc:7a:3d:d3:c7:6b:41:12:a2:b6:cc:fc:f0:ca:b2:2a:44:
30:c5:07:39:c9:ce:ec:c9:ce:3f:3c:fc:4f:4d:79:bf:b8:79:
8f:01:d7:c1:cf:5d:e8:b2:3c:20:29:07:70:60:3a:b2:71:55:
4d:9f:2b:8a:14:30:e3:e8:b2:f2:78:ff:73:25:ac:09:15:68:
74:6e:3e:db:45:bc:5a:b9:93:7d:4b:6f:60:5f:22:81:ec:b6:
47:d8:dc:6a:94:80:14:71:47:dc:99:a6:c7:51:33:94:e8:2b:
6d:8e:bd:7e:d0:a0:45:7d:13:b5:33:63:db:1e:42:bc:d9:6a:
ce:f6:6a:ab
This 2048-bit certificate was signed by the the Server Certificate Signing Certificate, and its purpose is marked by the X509v3 Basic Constraints and X509v3 Extended Key Usage fields as securing SSL Internet Server sites.
This certificate is installed in the Web Server software (e.g., Apache) which presents it to the Relying Party software in the client.
See also:
|
This page is maintained by the Office of Information Technology
© 2003, 2004, 2005, 2006, 2007, 2008, 2009 University of Maryland |
|
