DPT 4 (16 Mark)

Uploaded by

s.shaflafathima
DPT 4

CW3551 – DATA AND INFORMATION SECURITY

16 MARK
1. Explain the format of the X.509 certificate. Provide any one real-time case study for the use of X.509 certificates.

ANS: The current version of the standard is version 3, called X.509V3. The general format of the X.509V3 digital certificate is:

1. Version: Identifies successive versions of the certificate format; the default is version
2. Certificate Serial Number: It contains a unique integer number, which is generated by the Certification Authority (CA).
3. Signature Algorithm Identifier: Identifies the algorithm used by the CA to sign the certificate.
4. Issuer Name: Identifies the distinguished name of the CA that created and signed this certificate.
5. Period of Validity: Consists of two date-time values (not before and not after) within which the certificate is valid.
6. Subject Name: It specifies the name of the user to whom this certificate is issued.
7. Subject's Public Key Information: It contains the public key of the subject and the algorithms related to that key.
8. Issuer Unique Identifier: It is an optional field which helps to identify a CA uniquely if two or more CAs have used the same Issuer Name.
9. Subject Unique Identifier: It is an optional field which helps to identify a subject uniquely if two or more subjects have used the same Subject Name.
10. Extensions: One or more fields used in version 3. These extensions convey additional information about the subject and issuer keys.
11. Signature: It contains the hash code of the fields, encrypted with the CA's private key. It includes the signature algorithm identifier.

REAL-TIME CASE STUDY: USE OF X.509 CERTIFICATES IN TLS (HTTPS)

Case Study: Secure Online Communication via HTTPS

Context: Every time you visit a secure website (one that starts with "https://"), X.509 certificates are used as part of the TLS (Transport Layer Security) protocol to establish a secure connection between the client (browser) and the server.

Scenario: Consider a banking website, such as https://www.bank.com. For the user to securely interact with the site, the following steps involving X.509 certificates occur:

1. Certificate Issuance:
   - The bank applies for an X.509 certificate from a trusted Certificate Authority (e.g., DigiCert, Let’s Encrypt).
   - The CA verifies the identity of the bank and issues an X.509 certificate that contains the bank’s public key.
2. Client-Server Interaction:
   - When a user visits https://www.bank.com, their browser initiates a connection with the server.
   - The server sends its X.509 certificate to the browser as part of the TLS handshake.
3. Certificate Validation:
   - The browser checks if the certificate is issued by a trusted CA and whether it is valid (within the validity period).
   - The browser also verifies the certificate's integrity using the CA's public key.
4. Secure Connection:
   - Once the certificate is validated, the browser generates a session key to encrypt communications.
   - The server uses its private key (corresponding to the public key in the X.509 certificate) to decrypt this session key.
   - All communication between the browser and the server is now encrypted using the session key.
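
Added example, not part of the original document: a small DER walker that reads the certificate fields listed above in the order they are encoded and applies the validity-period check from step 3. The sample certificate is constructed in the code (the CA name, serial number, dates, and placeholder key and signature bytes are assumptions); input is assumed to be well-formed DER with UTCTime dates, and the CA signature is not verified.

```python
from datetime import datetime, timezone

def tlv(tag, *parts):  # DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

def read(buf, pos=0):
    """Decode one element at pos: (tag, value bytes, offset of next element)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes that follow
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return tag, buf[pos:pos + n], pos + n

def children(buf, pos=0):
    """Yield the (tag, value) elements inside a SEQUENCE or SET value."""
    while pos < len(buf):
        tag, val, pos = read(buf, pos)
        yield tag, val

def common_name(name):
    """Return the commonName (OID 2.5.4.3) attribute of a Name, if present."""
    for _, rdn in children(name):
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)
            if oid == b"\x55\x04\x03":
                return val.decode()
def when(val):  # UTCTime "YYMMDDHHMMSSZ"
    return datetime.strptime(val.decode(), "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_certificate(der):
    # Certificate = SEQUENCE { signed fields, signature algorithm, signature }
    (_, tbs), (_, outer_alg), _ = children(read(der)[1])
    f = list(children(tbs))
    version = read(f.pop(0)[1])[1][0] + 1 if f[0][0] == 0xA0 else 1  # optional [0] tag
    (_, not_before), (_, not_after) = children(f[3][1])
    return {"version": version, "serial": int.from_bytes(f[0][1], "big"),
            "algorithms_match": f[1][1] == outer_alg,  # signed vs. outer identifier
            "issuer": common_name(f[2][1]), "subject": common_name(f[4][1]),
            "not_before": when(not_before), "not_after": when(not_after),
            "extension_count": sum(1 for t, v in f[6:] if t == 0xA3 for _ in children(read(v)[1]))}

def is_within_validity(cert, now):
    return cert["not_before"] <= now <= cert["not_after"]

def alg(oid_hex): return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)), tlv(0x05))
def name(cn): return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, cn.encode()))))
SAMPLE = tlv(0x30, tlv(0x30,  # constructed sample; key and signature bytes are placeholders
    tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x10\x01"), alg("2a864886f70d01010b"),
    name("Example CA"), tlv(0x30, tlv(0x17, b"240101000000Z"), tlv(0x17, b"250101000000Z")),
    name("www.bank.com"), tlv(0x30, alg("2a864886f70d010101"), tlv(0x03, b"\x00" + b"\xaa" * 16)),
    tlv(0xA3, tlv(0x30, tlv(0x30, tlv(0x06, b"\x55\x1d\x13"), tlv(0x04, tlv(0x30)))))),
    alg("2a864886f70d01010b"), tlv(0x03, b"\x00" + b"\xbb" * 16))
```

`parse_certificate(SAMPLE)` returns the fields as a dictionary; `is_within_validity` takes that dictionary and a timezone-aware `datetime`.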
