
How To SSL - X.509 v2/3

2.4.2 CA diff

Date: 25.07.2008


X.509 Certificate Difference

| X.509 Key | StartCom Free Server Certificate | CAcert |
| --- | --- | --- |
| Key Usage | Digital Signature, Key Encipherment, Key Agreement(a8) | Digital Signature, Key Encipherment(a0) |
| Public Key | RSA 4096 Bits | RSA 1024 Bits |
| Enhanced Key Usage | Server Authentication(1.3.6.1.5.5.7.3.1) | Client Authentication(1.3.6.1.5.5.7.3.2); Server Authentication(1.3.6.1.5.5.7.3.1); Unknown Key Usage(2.16.840.1.113730.4.1); Unknown Key Usage(1.3.6.1.4.1.311.10.3.3) (See Screen Shot below) |
| NetscapeCertType | SSL Server Authentication(40) | n.a. |
| Signature algorithm | sha1RSA | md5RSA |
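
The hex codes and OIDs in the table above can be decoded mechanically. The following Python is an added example, not part of the original page. The bit names come from RFC 5280 (keyUsage) and the Netscape certificate-type extension, and the names given to the two "Unknown Key Usage" OIDs (Netscape and Microsoft Server Gated Crypto) are supplied here, not by the page.

```python
# Added example: decode the key-usage codes and EKU OIDs quoted in the table.
# Only the first octet of the BIT STRING is handled (decipherOnly, bit 8, is omitted).
KEY_USAGE_BITS = [  # bit 0 is the most significant bit of the octet
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly",
]
NS_CERT_TYPE_BITS = [
    "sslClient", "sslServer", "smime", "objectSigning",
    "reserved", "sslCA", "smimeCA", "objectSigningCA",
]
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "2.16.840.1.113730.4.1": "Netscape Server Gated Crypto (nsSGC)",
    "1.3.6.1.4.1.311.10.3.3": "Microsoft Server Gated Crypto (msSGC)",
}

def decode_bits(hex_octet, names):
    """Return the names of the bits set in a one-octet BIT STRING value."""
    value = int(hex_octet, 16)
    if not 0 <= value <= 0xFF:
        raise ValueError("expected a single octet, got %r" % hex_octet)
    return [name for i, name in enumerate(names) if value & (0x80 >> i)]

def name_eku(oids):
    """Map EKU OIDs to names; unrecognised OIDs stay visible instead of being dropped."""
    return [EKU_NAMES.get(oid, "unknown (%s)" % oid) for oid in oids]

def eku_diff(a, b):
    """Return (OIDs only in a, OIDs only in b), each sorted."""
    return sorted(set(a) - set(b)), sorted(set(b) - set(a))

# Values copied from the comparison table.
STARTCOM = {"key_usage": "a8", "ns_cert_type": "40",
            "eku": ["1.3.6.1.5.5.7.3.1"]}
CACERT = {"key_usage": "a0",
          "eku": ["1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.1",
                  "2.16.840.1.113730.4.1", "1.3.6.1.4.1.311.10.3.3"]}

if __name__ == "__main__":
    for label, cert in (("StartCom", STARTCOM), ("CAcert", CACERT)):
        print(label, decode_bits(cert["key_usage"], KEY_USAGE_BITS),
              name_eku(cert["eku"]))
    print("NetscapeCertType 40:", decode_bits("40", NS_CERT_TYPE_BITS))
    only_startcom, only_cacert = eku_diff(STARTCOM["eku"], CACERT["eku"])
    print("EKU only in CAcert:", name_eku(only_cacert))
```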

CAcert Problem

Viewing certificate details

In the Administrative Console, click Lotus Workplace --> Workplace Client Certificate Store, then click a certificate name link to open the View Certificates Details page.

Name

This setting displays the certificate name. Click a certificate name to edit that name.

Issued to

This setting displays the fully qualified LDAP-style distinguished name of the person or group to whom the certificate has been issued, for example OU = Class 1 Public Primary Certification Authority, O = VeriSign, Inc., and C = US.

Issued by

This setting displays the fully qualified LDAP-style distinguished name of the organization that issued the certificate.

Expires

This setting specifies the certificate expiration date in mm/dd/yyyy format.

Version

This setting specifies the certificate version number, such as V3.

Serial number

This setting displays the certificate's serial number as supplied by the issuing organization, such as 35D5 2365 A34D.

Signature algorithm

This setting displays the certificate's signature algorithm as supplied by the issuing organization, such as SHA-1.

Public key information

This setting displays the certificate's public key as supplied by the issuing organization, such as RSA (2048 Bits).

Key usage

This setting displays one or more of the following predefined key usage values.

Extended key usage

Each line includes either the usage name, if it is a recognized usage, or Unknown Key Usage, if it is not a recognized usage, followed by the usage code, for example Unknown Key Usage (1.3.6.1.4.1.311.10.3.3) or Unknown Key Usage (2.16.840.1.113730.4.1).

Authority key identifier

This setting contains either a key identifier or a certificate issuer name and serial number. A hash symbol may also appear. Examples include KeyID=0D27 29E4 052A 97B4 7758 3547 932D 06B8, Certificate issuer: CN = Root SGC Authority, and Certificate serial number = 209D 11D1 0E7F 7B85 7480.

Certificate policies

This setting displays a list of certificate policy object identifiers.

An object identifier (OID) identifies each policy, along with zero or more qualifiers that are associated with that policy. Each qualifier is either a URL pointing to some text, or an organization name plus an integer that refers to a clause in the published Certificate Practices Statement.

Basic constraints

This setting displays the basic constraints as a flag that indicates whether this is a certificate authority certificate. If it is a certificate authority certificate, a "CA certificate" flag appears. A "CA certificate (maximum path length = 4)" may also appear. If it is not a certificate authority certificate, the "Not a CA certificate" flag appears.

Name constraints

This setting displays the names that the issuer has used to limit the certificate authority's ability to verify to a subset of the name tree. For example, a simple variant consists of two lists of names. One list displays the roots of sub-trees that the certificate is valid for. The other displays the roots of sub-trees that the certificate is invalid for.

CRL distribution points

This setting indicates where to search for a CRL that might contain this certificate.

Thumbprint (SHA-1)

This setting displays the SHA-1 value as a standard hex string in four-digit clusters.

Thumbprint (MD5)

This setting displays the MD5 value as a standard hex string in four-digit clusters.

Other extensions

This setting displays non-decoded extensions, other than those that appear on this dialog box, in binary format (uninterpreted BER).

Examples of certificate object identifiers are shown below.

Examples of non-decoded extensions are shown below.




copyright by retoh - created with mytexi