All essential parts of an A-CERT ADVANCED certificate are to be analyzed using this example.
At the end of the article is the PEM format for exchanging the certificate between different systems, which is identical to the text interpretation described.
Different signature programs use different certificate interpreters, in most cases the data is displayed in separate windows. In many cases, they are also provided with annotations and additional interpretations.
Many signature programs also use non-standard extensions for the electronic signature. However, within the framework of this FAQ, only the central, standardized elements are to be discussed. These must – in one form or another – always be identifiable
The most important elements
The most important elements displayed by each interpreter are represented by so-called “Distinguished Names”:
Subject: C=AT, ST=-, L=VIENNA, O=Testcertificate, CN=electronic invoice (TEST CERTIFICATE)/emailAddress=testadress@freenet.at
The “subject” describes the signer:
C [CountryName]: AT → State in which Signator resides, AT stands for Austria
ST [State or Province]: – → Region of the signing person does not have to be specified
L [Locality]: WIEN → Place name of the signing person
O [Organisation]: Testcertificate → Organization name of the signing person (here the fictitious organization “testcertificate”)
CN [CommonName]: Electronic invoicing (SAMPLE CERTIFICATE) → Contains either the name of the person signing, specific purposes or a combination of both
emailAddress= : testadress@freenet.at → Mail address intended for the use of the certificate. Specifying an email address is optional and is part of the common name.
Issuer: C=AT, ST=Austria, L=Vienna, O=ARGE DATEN – Austrian Society for Data Protection, OU=A-CERT Certification Service, CN=A-CERT ADVANCED/emailAddress=info@a-cert.at
The “Issuer” is the issuer of the certificate, the meaning of the fields is identical to “Subject”.
Validity
Not Before: Jan 14 00:00:00 2005 GMT
Not After: Feb 14 01:37:50 2005 GMT
“Validity” is the validity period, in this case from Jan 14, 2005 00:00 to Feb 14, 1:37:50 (GMT is the standard time zone, London time)
X509v3 CRL Distribution Points:
URI: https://www.globaltrust.eu/static/advanced.crl
This URL indicates where the revocation list can be obtained.
X509v3 Certificate Policies:
Policy: 1.2.40.0.24.1.1.1.3
CPS: https://www.globaltrust.eu/certificate-policy.html
This URL indicates the document location that contains all the information under which conditions the certificate may be used (1.2.40.0.24.1.1.1.3 is a globally unique document number of the document relevant to the certification.
All other information is necessary for technical use. For CRL’s interested, continue here.
The described certificate interpreted as text:
Certificate: Data: Version: 3 (0x2) Serial Number: 65 (0x41) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AT, ST=Austria, L=Vienna, O=ARGE DATEN - Austrian Society for Data Protection, OU=A-CERT Certification Service, CN=A-CERT ADVANCED/emailAddress=info@a-cert.at Validity Not Before: Jan 14 00:00:00 2005 GMT Not After : Feb 14 01:37:50 2005 GMT Subject: C=AT, ST=-, L=WIEN, O=Test certificate, CN=electronic invoicing (SAMPLE CERTIFICATE)/emailAddress=testadress@freenet.at Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:d5:21:0d:0b:ca:9f:cc:9a:a1:9d:e0:3b:b5:1d: 78:93:45:9f:48:9b:d2:2d:ea:60:57:e9:9e:7f:70: 48:ed:5c:03:a2:65:f0:f4:1e:66:54:d1:d6:d0:dc: 90:52:b9:30:c3:cc:ec:73:b8:85:04:b2:e7:00:fe: be:32:39:8d:c0:eb:b2:93:83:4c:3b:46:e1:48:9e: 3f:03:fb:92:52:6a:6f:4f:4b:84:f4:8a:06:dc:78: a3:43:1e:17:54:82:2b:c0:ef:6d:f8:22:f2:df:98: 78:4f:42:f0:c1:f4:48:12:05:5c:d2:57:20:b2:2e: 36:bc:9c:99:ea:01:91:64:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: CA:E5:A0:7C:35:06:9F:A2:83:EE:76:73:FA:CE:C0:44:92:A6:9B:C3 X509v3 Authority Key Identifier: keyid:37:7F:3E:3E:99:71:60:CA:24:D4:91:13:79:D0:74:29:B4:A8:24:D8 X509v3 Subject Alternative Name: email:testadresse@freenet.at X509v3 Issuer Alternative Name: email:info@a-cert.at, URI:https://www.globaltrust.eu X509v3 CRL Distribution Points: URI:https://www.globaltrust.eu/static/advanced.crl X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment X509v3 Certificate Policies: Policy: 1.2.40.0.24.1.1.1.3 CPS: https://www.globaltrust.eu/certificate-policy.html Signature Algorithm: sha1WithRSAEncryption 25:94:38:65:49:aa:17:96:5d:e6:07:82:12:c3:5d:d6:86:c2: d5:2c:44:f3:f1:98:5b:50:ee:e7:c3:48:98:c3:c8:cd:6a:45: e8:0c:ec:56:9e:b3:bb:d5:0d:f9:08:e2:2b:65:c5:e4:f8:d2: f1:1c:c4:e0:ee:b9:91:c8:2b:ff:ff:59:cc:84:b1:8a:c4:6f: 00:a8:4d:a9:ed:97:ac:94:7d:16:55:be:fe:da:78:77:9f:3c: 3f:d1:3b:c3:a3:88:2f:17:c9:3d:ea:a6:80:14:3c:94:ba:3b: 48:27:15:b7:47:a1:c9:55:33:f9:f9:d7:1f:29:d1:da:60:7b: b7:e8:72:0c:eb:e9:b3:3c:16:d1:a8:91:2c:57:6d:e9:6a:53: f8:33:af:49:88:46:61:c1:61:8b:c1:20:bc:1c:87:f9:a8:ed: 62:0d:9e:12:8d:3a:8c:cf:03:08:8b:7f:0f:67:7f:a2:94:61: eb:5f:f6:33:59:8d:13:02:f2:d2:aa:3b:b6:e1:f3:53:77:a3: 40:60:e2:ba:d5:b7:49:08:9c:9a:20:d9:1b:13:90:07:3b:05: 8f:54:fa:f7:ff:13:52:47:e8:3d:b2:72:68:db:c7:74:b3:94: 84:ef:cd:8f:e9:10:e1:36:0c:c2:1e:ec:c9:fc:56:97:d4:1c: 59:6f:7d:98 The described certificate in PEM-Format: -----BEGIN CERTIFICATE----- MIIErjCCA5agAwIBAgIBQTANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe Fw0wNTAxMTQwMDAwMDBaFw0wNTAyMTQwMTM3NTBaMIGjMQswCQYDVQQGEwJBVDEK MAgGA1UECBMBLTENMAsGA1UEBxMEV0lFTjEXMBUGA1UEChMOVGVzdHplcnRpZmlr YXQxOTA3BgNVBAMTMGVsZWt0cm9uaXNjaGUgUmVjaG51bmdzbGVndW5nIChNVVNU RVJaRVJUSUZJS0FUKTElMCMGCSqGSIb3DQEJARYWdGVzdGFkcmVzc2VAZnJlZW5l dC5hdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1SENC8qfzJqhneA7tR14 k0WfSJvSLepgV+mef3BI7VwDomXw9B5mVNHW0NyQUrkww8zsc7iFBLLnAP6+MjmN wOuyk4NMO0bhSJ4/A/uSUmpvT0uE9IoG3HijQx4XVIIrwO9t+CLy35h4T0LwwfRI EgVc0lcgsi42vJyZ6gGRZF0CAwEAAaOCAUQwggFAMAwGA1UdEwEB/wQCMAAwHQYD VR0OBBYEFMrloHw1Bp+ig+52c/rOwESSppvDMB8GA1UdIwQYMBaAFDd/Pj6ZcWDK JNSRE3nQdCm0qCTYMCEGA1UdEQQaMBiBFnRlc3RhZHJlc3NlQGZyZWVuZXQuYXQw LwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93d3cuYS1jZXJ0LmF0 MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly93d3cuYS1jZXJ0LmF0L3N0YXRpYy9h ZHZhbmNlZC5jcmwwDgYDVR0PAQH/BAQDAgSwMFEGA1UdIARKMEgwRgYIKigAGAEB AQMwOjA4BggrBgEFBQcCARYsaHR0cDovL3d3dy5hLWNlcnQuYXQvY2VydGlmaWNh dGUtcG9saWN5Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBACWUOGVJqheWXeYHghLD XdaGwtUsRPPxmFtQ7ufDSJjDyM1qRegM7Faes7vVDfkI4itlxeT40vEcxODuuZHI K///WcyEsYrEbwCoTantl6yUfRZVvv7aeHefPD/RO8OjiC8XyT3qpoAUPJS6O0gn FbdHoclVM/n51x8p0dpge7focgzr6bM8FtGokSxXbelqU/gzr0mIRmHBYYvBILwc h/mo7WINnhKNOozPAwiLfw9nf6KUYetf9jNZjRMC8tKqO7bh81N3o0Bg4rrVt0kI nJog2RsTkAc7BY9U+vf/E1JH6D2ycmjbx3SzlITvzY/pEOE2DMIe7Mn8VpfUHFlv fZg= -----END CERTIFICATE-----
You might be interested in that
What are the costs of not going paperless?
While digitization reached almost every aspect of daily work, the necessity for handwritten signatures in B2B environments preserves printing paper its crucial role – and incurs costs. However, by implementing e-signatures, businesses can reduce expenses, streamline processes, and contribute to a more sustainable...
QES & Competition Law – European Commission to require electronic signatures from 1st September, 2023
To further simplify merger control procedures and in line with its overall digital strategy, the European Commission has published a number of revised legal texts, including one that will make electronic transmission of electronically signed documents the default method from 1 September 2023. Read on to find out...
Sign and encrypt emails using an Apple iPhone
User guide for signing and encrypting emails with the GLOBALTRUST CLIENT certificate on your Apple iPhoneAs of May 10, 2023 1 Basic 1.1 Goals of this document A step-by-step guide on how to add the certificate to your iPhone to then sign and/or encrypt emails. This guide was created for an Apple iPhone (iOS version:...