The Open–source PKI Book: A guide to PKIs and Open–source Implementations
Prev	Appendix B. Sample Certificate Documents	Next

Sample CA Certificate in TXT format

This is a sample Certificate in TXT format.

Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=GB, ST=Surrey, O=Best CA Ltd, OU=Class 1 Public Primary Certification Authority, CN=Best CA Ltd Validity Not Before: Feb 5 19:50:16 2000 GMT Not After : Feb 4 19:50:16 2001 GMT Subject: C=GB, ST=Surrey, O=Best CA Ltd, OU=Class 1 Public Primary Certification Authority, CN=Best CA Ltd Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:dd:3c:f6:9a:be:d2:66:20:0c:7d:0c:ae:bc:18: cc:f4:e8:89:8d:16:b3:5c:16:75:06:33:f9:08:4f: d6:9b:f4:6b:e7:4d:0f:44:af:8b:87:dc:79:78:93: e8:e4:20:19:df:f0:0d:04:4d:2c:4c:ad:19:b0:31: 8c:6a:4d:a6:d6:0e:e8:ae:e2:37:75:8d:d5:1e:a2: 31:15:3c:f4:4d:ad:5d:f8:d0:23:c2:72:de:e2:73: 9b:ef:f7:84:25:b0:cf:92:4d:39:4a:18:41:ac:91: 81:28:ac:5b:f2:7d:74:e2:8f:f9:a7:c1:c0:b1:93: dd:cd:b1:4c:23:23:63:27:30:4c:da:8e:72:e4:0d: 77:c2:22:e2:b4:43:bb:9d:ca:36:59:fc:98:91:0c: da:c4:2c:34:03:0c:e5:91:51:e2:23:20:ae:68:5e: 30:8f:9e:f5:a5:2c:e4:bf:ab:2f:fb:82:03:31:b4: ff:5e:90:a8:f0:be:b0:4d:aa:f3:af:2c:27:42:c8: 7e:7a:d2:c3:e8:5b:53:8d:86:db:ae:f6:7c:45:03: 35:b6:52:9d:a0:c1:e0:da:ac:6b:68:05:7e:f8:73: 41:62:63:56:b3:47:6e:11:d8:d4:6c:92:be:65:aa: f2:a5:72:3d:4e:d9:d2:e2:8d:42:92:3e:cf:39:f9: 63:89 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 3C:BA:B3:02:44:B6:18:30:75:0A:53:90:24:22:\ 9F:4D:24:72:70:E5 X509v3 Authority Key Identifier: keyid:3C:BA:B3:02:44:B6:18:30:75:0A:53:90:\ 24:22:9F:4D:24:72:70:E5 DirName:/C=GB/ST=Some-State/O=Best CA Ltd/\ OU=Class 1 Public Primary Certification Authority/CN=Best CA Ltd serial:00 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: md5WithRSAEncryption b5:b9:80:5c:b1:29:dc:c0:03:db:28:c8:a3:08:30:ac:41:ea: fb:ef:60:b6:b9:ca:57:c5:05:04:fc:2d:29:59:69:ba:80:39: 30:77:90:f4:0d:23:03:25:1a:95:ff:07:a8:67:8c:02:e8:1e: f7:7f:96:06:3e:7e:90:99:b2:e1:19:81:da:5c:97:92:0f:a2: ab:5d:ca:0e:c0:b7:52:68:69:89:62:c9:4b:29:90:77:64:80: c4:a7:4c:18:4c:68:60:b5:e6:fa:24:58:93:b6:72:ef:5c:9b: a0:3a:c7:f6:c5:da:d8:7c:f0:a2:20:1e:e0:04:c0:15:ec:6c: dd:73:85:6c:a5:2e:a5:8e:b0:21:6e:28:9a:c1:d0:62:42:54: 26:b0:17:85:cf:d2:64:17:89:c3:99:94:cf:0d:bd:e5:f0:1a: 06:37:ea:8c:6b:9e:98:22:df:2e:9d:ad:a0:63:89:76:3b:ff: e8:9f:cf:2b:e4:85:89:96:6d:4b:d2:80:3c:7b:87:d1:db:2a: c1:1d:71:7a:d1:fe:36:59:a7:6c:19:e1:4a:93:23:6b:c0:68: bf:ee:f4:0c:7d:77:46:b1:1a:d7:34:64:46:9d:7f:af:58:36: 77:ff:35:88:d2:3a:03:b4:29:0d:9e:a1:29:56:78:60:fe:00: 15:98:7a:17

This is the CA Certificate, also called the Root CA Certificate. It is in TXT format which is another way to say that it is in a human–readable format.

Notice the modulus. It has 2048 bits and it is the product of two big primes. Each prime has about 1024 bits. The security of the certificate relies on the difficulty to factorise this 2048–bits long (or over 600 decimal digits long) number. Since we generated this key–pair, we already know these two primes. All the mentioned values, in decimal, are in the section called Sample Private Key in TXT format (2048 bits).

We have chosen RSA for the public key algorithm. We could have chosen one of the alternatives, like El Gamal or elliptic curves.

Prev	Home	Next
Sample CA Certificate in PEM format	Up	Sample certificate request in PEM format