Recently I requested a PKI certificate from our client. I received the
certificate but in the meantime deleted the request (.arm file).
Is there a way for me to recreate this request from the certificate
that I received (extract the original request)? Or do I need to start
over?
thanks,
Bill
in a normal public/private asymmetric environment ... you generate a
public/private key pair. you then distribute the public key via
various mechanisms (while keeping the private key, private and
secure). It is possible for you to digitally sign something with your
private key ... and the receivers can validate that digital signature
(and therefore that the material originated from you) with your
distributed public key. Also, others can asymmetrically encrypt
something with your public key and only you (with your private key)
can decrypt it.
the normal purpose of a PKI certificate is
1) that a trusted third party can attest that the supplied public key
really belongs to you ... this is applicable to situations where the
relying/receiving parties have no possible direct knowledge of you
... but do have some trust or other relationship with the third party
(generating and distributing the PKI certificates).
2) the trusted 3rd party has no idea who you will be dealing with ...
other than it presumably is somebody that already trusts the 3rd party
... so the 3rd party returns the information directly to you so that
you can append it to any future correspondence you might have with
unknown relying parties.
this is the letter-of-credit model from the sailing ship days ... as
opposed to existing real-time environments where the relying party
contacts the trusted 3rd party (say a bank or credit bureau) in real
time. The certificate model was created before the days of ubiquitous
electronic communication.
the typical process is for you to generate some form that includes
your public key as part of the contents and then you digitally sign
that form with your private key ... and then send off the form and the
digital signature ... as well as a bunch of other validation
information to the 3rd party PKI certificate issuing entity. The 3rd
party PKI certificate issuing entity uses the public key (included in
the form) to validate the transmitted digital signature. Then they do
something that validates the information that you are who you claim to
be ... and that the public key is really yours. From that they then
can generate a PKI certificate. The PKI certificate will contain your
public key and some sort of identifying information about you.
the original request should have been created with your public key
(which should also be in the body of the returned PKI certificate) and
a digital signature generated by the private key ... so hopefully you
still have a copy of the original private key lying around somewhere.
misc. stuff and past posts about SSL certificates:
http://www.garlic.com/~lynn/subpubkey.html#sslcert
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
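As an added example (not from either post in this thread), the check Lynn's reply describes, done with the openssl command line: confirm that the private key you still hold matches the public key embedded in the returned certificate, then rebuild the request by re-signing the certificate's subject and public key with that private key. The file names and demo subject are assumptions, and the key and certificate are constructed in place since the real ones are not on the page.

```shell
#!/bin/sh
# Added example. Assumes the openssl CLI is installed; file names are assumptions.
set -eu

# Constructed stand-ins for the key you kept and the certificate the CA returned.
make_demo_material() {
  dir="$1"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$dir/key.pem" 2>/dev/null
  openssl req -new -x509 -key "$dir/key.pem" \
    -subj "/CN=example.test/O=Example" -days 30 -out "$dir/cert.pem" 2>/dev/null
}

# The certificate carries your public key; the private key you still have must be
# its other half. Compare the public key derived from each. Returns 0 on a match.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# Rebuild the request: copy subject and public key out of the certificate and sign
# the form again with the private key, which is what the CA originally verified.
# Without the matching private key this is impossible, so refuse early.
regen_csr() {
  cert="$1"; key="$2"; out="$3"
  if ! key_matches_cert "$cert" "$key"; then
    echo "private key does not match the certificate; start over" >&2
    return 1
  fi
  openssl x509 -in "$cert" -x509toreq -signkey "$key" -out "$out" 2>/dev/null
  # Self-signature check on the new CSR, the same check the CA performs.
  openssl req -in "$out" -noout -verify >/dev/null 2>&1
}

# Stand-alone run: build demo material, regenerate the CSR, show its subject.
work=$(mktemp -d)
make_demo_material "$work"
regen_csr "$work/cert.pem" "$work/key.pem" "$work/req.pem"
openssl req -in "$work/req.pem" -noout -subject
```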