A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)
Appendix A
X.509 Certificates and Insight Remote
Support Advanced
Overview
An X.509 certificate contains a public key that can be used to check the validity of a digital signature. This
digital signature verifies the authenticity of a document, a message, another X.590 certificate, or any
datum of interest. The digital signature is generated using the X.509 certificate’s corresponding private
key. X.509 certificates are the basis of trust in most secure Internet protocols, the most pervasive being
SSL and TLS.
An X.509 certificate is identified by its subject name, which should be an X.500 name that is unique
across the Internet. For example, the X.500 subject name for one of VeriSign’s root certificates is C=US,
O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
Subject names not only identify certificates, they also identify the entity that issued the certificate. These
certificate issuers, called Certification Authorities (CAs), should be trusted third-party organizations.
Commercial CAs include VeriSign, Thawte, Entrust, and RSA.
The contents of an X.509 certificate that are relevant to this discussion are:
l Subject Name
l Issuer’s Subject Name
l Subject’s Public Key
l Serial Number
l Validity Period
l CRL Distribution Point
l Authority Information Access
The following documents provide more information:
l X.509 Certificates and Certificate Revocation Lists (CRLs)
http://download.oracle.com/javase/1.5.0/docs/guide/security/cert3.html
l What is X.509?
http://www.tech-faq.com/x.509.shtml
l X.509 Style Guide by Peter Gutmann
http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
Certificate Revocation Lists
In an X.509 Public Key Infrastructure (PKI), a Certificate Authority (CA) attests a certificate’s authenticity
by signing the certificate with the CA’s private key. Anyone wishing to verify the certificate checks the
HP Insight Remote Support Advanced and Remote Device Access (A.05.80)Page 52 of 97