
Public Key Certificate

aka: digital certificate, identity certificate, or just certificate.
The primary purpose of a certificate is to authenticate the identity of the owner of the certificate to other parties involved in electronic transactions.
Such owners include persons, services and devices.
Certificate owners are also referred to as subjects.
The information («fields») typically found in a certificate includes:
A certificate must be issued and signed by a certification authority (CA).
The main advantage of public key certificates is that a party that needs to authenticate someone does not have to keep a list of passwords; instead, it explicitly trusts one certificate authority and implicitly trusts that the certificate authority has performed the necessary identity verifications.
A standard that defines the format of public key certificates is X.509.

Types of certificates

Types of certificates include (certificate type: purpose):
  • Secure Multipurpose Internet Mail Extensions (S/MIME): signing email messages
  • Secure Sockets Layer (SSL) and Internet Protocol security (IPSec) digital certificates: authenticating network connections
  • Smart cards: logging on to PCs

Self signed certificate

A certificate that is signed with the private key that corresponds to its own public key (and whose subject is equal to the issuer?) is a self-signed certificate.
Such certificates can be trusted (only) because of arrangements that were made in the physical world (for example inclusion on a trusted root list).
Root certificates are self signed.
Misc: Under the root directory of an MS Office installation is the SELFCERT.EXE executable, which can be used to create a self-signed digital certificate.

Displaying the content of a certificate

OpenSSL

The content of a certificate can be displayed, for example, on the command line with the openssl executable:
$ openssl x509 -in xyz.crt -noout -text
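Added example (not part of the original notes): the openssl executable can also settle the question raised in the self-signed section, namely whether matching subject and issuer names are enough. The script keeps the name comparison and the signature check apart; the function names, file names and subjects are constructed for the demonstration, and the verify options assume OpenSSL 1.1.0 or later.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. File names and subjects are constructed.

# Prints "self-signed", "self-issued-only" (names match, signature does not
# verify under the certificate's own key) or "ca-issued" for a PEM certificate.
classify_cert() {
    local cert=$1 subject issuer
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253) || return 2
    if [ "${subject#subject=}" != "${issuer#issuer=}" ]; then
        echo "ca-issued"
        return 0
    fi
    # Make the certificate its own and only trust anchor. -check_ss_sig forces
    # the signature check that OpenSSL skips for trust anchors by default;
    # -no_check_time keeps expiry out of the answer.
    if openssl verify -no-CApath -check_ss_sig -no_check_time \
            -CAfile "$cert" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "self-signed"
    else
        echo "self-issued-only"
    fi
}

# Builds constructed test certificates in directory $1:
#   root.crt  self-signed
#   leaf.crt  subject "CN=demo leaf", signed by root
#   twin.crt  subject equal to root's, different key pair, signed by root
make_demo_certs() {
    local d=$1 name subj
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    for name in leaf twin; do
        subj="/CN=demo $name"
        [ "$name" = twin ] && subj="/CN=demo root"
        openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$name.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
            -CAcreateserial -days 1 -out "$d/$name.crt" 2>/dev/null || return 1
    done
}

# Demo: classify the three constructed certificates.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_demo_certs "$tmp" || exit 1
    for c in root leaf twin; do echo "$c.crt: $(classify_cert "$tmp/$c.crt")"; done
    rm -rf "$tmp"
fi
```

The twin.crt case shows that equal subject and issuer names alone do not make a certificate self-signed: the signature must also verify under the certificate's own public key.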

Windows

In a Windows command line, the certificate can be displayed like so:
C:\> certutil -dump path\to\certificate.crt
A certificate file with the .crt suffix can be right clicked and then opened in Windows Explorer to have its content displayed in a dialog window.

Windows

In Windows, a domain includes a certificate authority that issues certificates to computers in that domain.
Certificates can be viewed and examined with certmgr.msc.

Stores

Certificates are stored in stores, of which the two most important ones are
  • the local machine store
  • the current user store
With PowerShell, these stores can be displayed with the cert provider:
PS C:\> cd cert:
PS Cert:\> get-childItem | select-object location

    Location
    --------
 CurrentUser
LocalMachine
PS Cert:\> cd LocalMachine
… etc. etc. …

.NET namespace

The .NET namespace System.Security.Cryptography.X509Certificates contains the Common Language Runtime implementation of the Authenticode X.509 v.3 certificate.
The PowerShell provider Certificate provides access to the namespace's classes X509Certificate2 and X509Store.

See also

Security: credentials
The PowerShell cmdlet new-selfSignedCertificate creates X.509 certificates and private key/public key pairs
certutil.exe
Tools/scripts/get-remote-certificate.py public key
The JDK keytool.
