Encodings
A certificate is encoded in the ASN.1 format.
This format is then converted to the DER (Distinguished Encoding Rules) binary format.
To make it easy to transport, this binary format is encoded in base64 and called PEM (Privacy-enhanced Electronic Mail).
Example certificate in ASN.1 format
SEQUENCE (3 elem)
  SEQUENCE (8 elem)
    [0] (1 elem)
      INTEGER 2
    INTEGER 73
    SEQUENCE (2 elem)
      OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
      NULL
    SEQUENCE (4 elem)
      SET (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
          PrintableString FR
      SET (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
          PrintableString Elysiria
      SET (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
          PrintableString Elysiria Trust Network
      SET (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
          PrintableString Elysiria Intermediate Certification Authority
    SEQUENCE (2 elem)
      UTCTime 2016-10-20 17:18:49 UTC
      UTCTime 2017-10-21 17:18:49 UTC
    SEQUENCE (5 elem)
      SET (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
          PrintableString FR
      SET (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
          PrintableString Provence
      SET (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
          PrintableString Marseille
      SET (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
          PrintableString Elysiria
      SET (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
          PrintableString www.elysiria.fr
    SEQUENCE (2 elem)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
        NULL
      BIT STRING (1 elem)
        SEQUENCE (2 elem)
          INTEGER (4096 bit) 875006828276856936174615509275350919315039371123097277176082839063751…
          INTEGER 65537
    [3] (1 elem)
      SEQUENCE (5 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.29.19 basicConstraints (X.509 extension)
          OCTET STRING (1 elem)
            SEQUENCE (0 elem)
        SEQUENCE (3 elem)
          OBJECT IDENTIFIER 2.5.29.15 keyUsage (X.509 extension)
          BOOLEAN true
          OCTET STRING (1 elem)
            BIT STRING (3 bit) 101
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.29.14 subjectKeyIdentifier (X.509 extension)
          OCTET STRING (1 elem)
            OCTET STRING (20 byte) D443FF00E40AED7B752C4ADA9036A429C9418A1C
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.29.35 authorityKeyIdentifier (X.509 extension)
          OCTET STRING (1 elem)
            SEQUENCE (1 elem)
              [0] (20 byte) 39AE36008412CC07F4A71C62B03D696E8CA8B76B
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.5.29.17 subjectAltName (X.509 extension)
          OCTET STRING (1 elem)
            SEQUENCE (4 elem)
              [2] elysiria.fr
              [2] *.elysiria.fr
              [2] *.elysiria.org
              [1] webmaster@elysiria.fr
  SEQUENCE (2 elem)
    OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
    NULL
  BIT STRING (4096 bit) 000111100100100100001000110101000001100100100010010000010010110001100…
ASN.1 format as decoded by openssl
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 73 (0x49)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=FR, O=Elysiria, OU=Elysiria Trust Network, CN=Elysiria Intermediate Certification Authority
        Validity
            Not Before: Oct 20 17:18:49 2016 GMT
            Not After : Oct 21 17:18:49 2017 GMT
        Subject: C=FR, ST=Provence, L=Marseille, O=Elysiria, CN=www.elysiria.fr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:d6:7b:2d:e2:0a:8a:f2:cc:2a:40:35:d6:a5:75:
                    7a:a8:a0:b8:47:ec:ed:c6:0c:04:6a:60:70:9e:5d:
                    eb:e7:ff:3c:3c:57:33:fb:23:52:87:73:13:ea:f5:
                    dc:e7:9d:25:f8:f0:70:54:7e:bf:02:08:9f:f4:c6:
                    5a:fc:05:de:b8:e0:00:c1:4b:6e:73:7e:ed:d2:47:
                    84:64:b4:2b:4c:d8:a7:8a:2b:33:17:06:60:9e:52:
                    b4:42:21:02:12:d2:02:35:9d:20:3b:01:62:9d:74:
                    9c:de:4d:75:b3:ec:dd:4d:56:f7:27:aa:77:b8:25:
                    79:4e:e1:03:0f:ee:ef:89:cd:fc:cb:f0:91:e8:a8:
                    bc:d9:17:26:24:c5:48:79:fa:3c:83:5f:84:83:fa:
                    80:d3:a5:7d:b7:83:22:51:fc:04:97:32:43:c4:b9:
                    d6:d8:07:cc:1e:7b:ea:b2:92:82:5a:0b:66:81:c0:
                    42:a7:e3:e1:a5:82:27:b2:2a:c0:f6:eb:c1:e7:58:
                    4d:05:0e:00:22:53:79:0b:b5:4f:a0:0d:47:cc:81:
                    52:e2:b0:0d:fd:84:35:79:13:5c:b7:a8:a4:da:f8:
                    a7:19:52:0a:0e:21:07:b0:5d:b8:a3:cd:f5:d8:01:
                    69:70:79:c1:c6:bf:46:6b:99:a9:69:88:c3:83:e0:
                    e2:d0:65:62:22:50:4f:83:67:ad:c2:ae:79:e0:87:
                    93:f6:ba:5b:ee:2c:f9:fc:cb:c5:c8:37:d0:2b:0c:
                    f7:ac:91:c5:b8:0a:65:02:d2:13:9d:89:aa:d5:c8:
                    fa:45:9a:0b:c9:b1:3c:e7:f2:1e:96:bf:cb:ed:5a:
                    fe:bb:a0:df:b9:b4:59:59:44:3e:8e:18:9f:51:e7:
                    20:8e:1d:18:a2:bf:27:54:15:10:d8:e2:08:2a:e3:
                    c1:7f:2d:a2:39:bb:78:9a:2f:38:58:36:da:11:ff:
                    04:b5:8a:4b:e2:89:50:da:cd:99:e3:c5:d6:c6:08:
                    7f:e2:3b:e1:c3:1f:86:3b:11:ab:57:48:37:24:27:
                    fa:db:e5:26:f2:cc:29:b0:d9:fd:89:37:5c:eb:e8:
                    6a:ba:5f:2b:e3:bf:57:5c:1a:05:22:0e:3b:db:18:
                    52:7e:eb:59:ff:ac:a1:11:e6:84:c2:4a:0e:f2:63:
                    b7:70:d6:20:9e:25:00:df:a1:c6:52:06:6f:2c:9c:
                    b2:50:f8:98:63:76:2f:4f:3b:9d:01:0e:38:50:d3:
                    fb:1c:2c:be:4d:7a:43:0a:d3:9e:8d:30:47:52:31:
                    a2:77:85:27:c0:4c:51:c8:f0:00:c7:a6:f0:4c:2e:
                    82:b6:49:77:fe:ba:19:d0:ea:b9:27:a7:b5:9b:ad:
                    37:05:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Key Identifier:
                D4:43:FF:00:E4:0A:ED:7B:75:2C:4A:DA:90:36:A4:29:C9:41:8A:1C
            X509v3 Authority Key Identifier:
                keyid:39:AE:36:00:84:12:CC:07:F4:A7:1C:62:B0:3D:69:6E:8C:A8:B7:6B
            X509v3 Subject Alternative Name:
                DNS:elysiria.fr, DNS:*.elysiria.fr, DNS:*.elysiria.org, email:webmaster@elysiria.fr
    Signature Algorithm: sha256WithRSAEncryption
         1e:49:08:d4:19:22:41:2c:61:43:3a:44:5a:67:0c:fe:f8:1a:
         19:c2:4e:00:5f:9b:4a:55:07:ed:96:c3:87:9f:ec:e8:f5:7c:
         d7:1c:11:8b:40:62:04:11:9b:94:86:61:a1:ca:56:12:0b:71:
         a1:33:9a:5f:d1:75:cb:2a:d8:83:96:1e:d7:fd:56:c4:34:33:
         23:da:57:00:2b:a3:af:3d:dd:67:ae:3a:86:9b:48:82:ae:8e:
         c2:f1:5a:9a:dd:2d:ca:f1:44:b7:fd:a0:5b:5a:ae:a5:11:2d:
         a1:d0:20:e7:e6:2b:a9:5f:7a:3a:2f:ea:3a:9b:f0:90:01:ef:
         58:3a:e6:24:71:36:93:15:83:84:74:36:1b:a2:9c:41:27:08:
         31:94:05:f4:76:b9:db:61:7a:15:a9:7a:d7:d1:c2:68:77:eb:
         72:40:2e:46:d2:4a:c9:64:d8:50:62:c9:6a:83:d4:ea:7e:29:
         11:15:d0:f8:9f:7e:8d:5f:da:41:e5:12:9f:e3:bb:b0:00:ac:
         39:ee:e0:4f:e0:48:be:69:bb:6d:00:1b:b6:61:13:16:57:71:
         3f:7d:83:bd:cc:1e:67:96:38:5e:63:f3:15:49:1d:8d:6f:8b:
         ab:ae:84:e6:a5:87:b1:1b:f8:2d:ba:2f:21:7e:71:09:18:12:
         62:43:ff:d0:94:9a:47:f5:af:0d:9b:c1:48:e2:ed:a8:34:ce:
         4c:8d:b6:1a:8b:6f:d9:09:f9:2d:7f:55:34:d6:df:d6:73:69:
         9f:3f:6a:a8:8c:72:af:2b:ee:7b:82:db:3f:10:1f:4f:d0:be:
         1d:ff:20:98:d4:03:d9:66:0e:8d:fd:ea:9c:b7:10:32:99:f9:
         24:b7:36:1a:84:31:9f:72:3d:3d:47:c3:2e:f5:b7:8b:0c:ea:
         90:31:f4:4f:c6:29:60:54:36:6d:94:da:de:68:c0:2d:1d:45:
         54:06:0d:a1:3d:b2:4b:48:73:aa:b4:14:e3:2e:79:47:fe:46:
         3f:6c:e6:02:50:3a:46:26:6c:a6:d9:b1:09:3f:08:81:a1:cd:
         89:74:94:bd:bf:5a:91:cd:95:81:c7:a7:d1:68:a8:7d:95:54:
         4e:f4:11:da:25:10:7d:e6:67:6e:a0:52:d8:6d:ee:3a:31:68:
         b0:2c:15:45:2d:4b:57:66:41:a3:50:ff:e3:01:b9:72:83:76:
         87:a7:6c:89:0e:a7:f0:f9:0a:22:cf:70:49:9a:64:85:41:e8:
         90:21:76:ce:29:ed:79:29:03:51:ed:aa:ea:60:b3:d5:aa:81:
         8c:62:ba:b8:e0:70:76:02:26:de:c1:2e:66:20:26:dd:7b:59:
         b7:b8:43:15:c9:81:33:f8
DER binary format
30 82 06 02 30 82 03 EA A0 03 02 01 02 02 01 49 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 79 31 0B 30 09 06 03 55 04 06 13 02 46 52 31 11 30 0F 06 03 55 04 0A 13 08 45 6C 79 73 69 72 69 61 31 1F 30 1D 06 03 55 04 0B 13 16 45 6C 79 73 69 72 69 61 20 54 72 75 73 74 20 4E 65 74 77 6F 72 6B 31 36 30 34 06 03 55 04 03 13 2D 45 6C 79 73 69 72 69 61 20 49 6E 74 65 72 6D 65 64 69 61 74 65 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 30 1E 17 0D 31 36 31 30 32 30 31 37 31 38 34 39 5A 17 0D 31 37 31 30 32 31 31 37 31 38 34 39 5A 30 61 31 0B 30 09 06 03 55 04 06 13 02 46 52 31 11 30 0F 06 03 55 04 08 13 08 50 72 6F 76 65 6E 63 65 31 12 30 10 06 03 55 04 07 13 09 4D 61 72 73 65 69 6C 6C 65 31 11 30 0F 06 03 55 04 0A 13 08 45 6C 79 73 69 72 69 61 31 18 30 16 06 03 55 04 03 13 0F 77 77 77 2E 65 6C 79 73 69 72 69 61 2E 66 72 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 D6 7B 2D E2 0A 8A F2 CC 2A 40 35 D6 A5 75 7A A8 A0 B8 47 EC ED C6 0C 04 6A 60 70 9E 5D EB E7 FF 3C 3C 57 33 FB 23 52 87 73 13 EA F5 DC E7 9D 25 F8 F0 70 54 7E BF 02 08 9F F4 C6 5A FC 05 DE B8 E0 00 … skipping 416 bytes … 27 C0 4C 51 C8 F0 00 C7 A6 F0 4C 2E 82 B6 49 77 FE BA 19 D0 EA B9 27 A7 B5 9B AD 37 05 EB 02 03 01 00 01 A3 81 AC 30 81 A9 30 09 06 03 55 1D 13 04 02 30 00 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 05 A0 30 1D 06 03 55 1D 0E 04 16 04 14 D4 43 FF 00 E4 0A ED 7B 75 2C 4A DA 90 36 A4 29 C9 41 8A 1C 30 1F 06 03 55 1D 23 04 18 30 16 80 14 39 AE 36 00 84 12 CC 07 F4 A7 1C 62 B0 3D 69 6E 8C A8 B7 6B 30 4C 06 03 55 1D 11 04 45 30 43 82 0B 65 6C 79 73 69 72 69 61 2E 66 72 82 0D 2A 2E 65 6C 79 73 69 72 69 61 2E 66 72 82 0E 2A 2E 65 6C 79 73 69 72 69 61 2E 6F 72 67 81 15 77 65 62 6D 61 73 74 65 72 40 65 6C 79 73 69 72 69 61 2E 66 72 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 02 01 00 1E 49 08 D4 19 22 41 2C 61 43 3A 44 5A 67 0C FE F8 1A 19 C2 4E 00 5F 9B 4A 55 07 ED 96 C3 87 9F EC E8 F5 7C D7 1C 11 8B 40 62 04 11 9B 
94 86 61 A1 CA 56 12 0B 71 A1 33 9A 5F D1 75 CB 2A D8 83 96 1E D7 FD 56 C4 34 33 23 DA … skipping 416 bytes … E0 70 76 02 26 DE C1 2E 66 20 26 DD 7B 59 B7 B8 43 15 C9 81 33 F8
PEM format
-----BEGIN CERTIFICATE-----
MIIGAjCCA+qgAwIBAgIBSTANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJGUjER
MA8GA1UEChMIRWx5c2lyaWExHzAdBgNVBAsTFkVseXNpcmlhIFRydXN0IE5ldHdv
cmsxNjA0BgNVBAMTLUVseXNpcmlhIEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAeFw0xNjEwMjAxNzE4NDlaFw0xNzEwMjExNzE4NDlaMGExCzAJ
BgNVBAYTAkZSMREwDwYDVQQIEwhQcm92ZW5jZTESMBAGA1UEBxMJTWFyc2VpbGxl
MREwDwYDVQQKEwhFbHlzaXJpYTEYMBYGA1UEAxMPd3d3LmVseXNpcmlhLmZyMIIC
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1nst4gqK8swqQDXWpXV6qKC4
R+ztxgwEamBwnl3r5/88PFcz+yNSh3MT6vXc550l+PBwVH6/Agif9MZa/AXeuOAA
wUtuc37t0keEZLQrTNiniiszFwZgnlK0QiECEtICNZ0gOwFinXSc3k11s+zdTVb3
J6p3uCV5TuEDD+7vic38y/CR6Ki82RcmJMVIefo8g1+Eg/qA06V9t4MiUfwElzJD
xLnW2AfMHnvqspKCWgtmgcBCp+PhpYInsirA9uvB51hNBQ4AIlN5C7VPoA1HzIFS
4rAN/YQ1eRNct6ik2vinGVIKDiEHsF24o8312AFpcHnBxr9Ga5mpaYjDg+Di0GVi
IlBPg2etwq554IeT9rpb7iz5/MvFyDfQKwz3rJHFuAplAtITnYmq1cj6RZoLybE8
5/Ielr/L7Vr+u6DfubRZWUQ+jhifUecgjh0Yor8nVBUQ2OIIKuPBfy2iObt4mi84
WDbaEf8EtYpL4olQ2s2Z48XWxgh/4jvhwx+GOxGrV0g3JCf62+Um8swpsNn9iTdc
6+hqul8r479XXBoFIg472xhSfutZ/6yhEeaEwkoO8mO3cNYgniUA36HGUgZvLJyy
UPiYY3YvTzudAQ44UNP7HCy+TXpDCtOejTBHUjGid4UnwExRyPAAx6bwTC6Ctkl3
/roZ0Oq5J6e1m603BesCAwEAAaOBrDCBqTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHQ4EFgQU1EP/AOQK7Xt1LErakDakKclBihwwHwYDVR0jBBgwFoAU
Oa42AIQSzAf0pxxisD1pboyot2swTAYDVR0RBEUwQ4ILZWx5c2lyaWEuZnKCDSou
ZWx5c2lyaWEuZnKCDiouZWx5c2lyaWEub3JngRV3ZWJtYXN0ZXJAZWx5c2lyaWEu
ZnIwDQYJKoZIhvcNAQELBQADggIBAB5JCNQZIkEsYUM6RFpnDP74GhnCTgBfm0pV
B+2Ww4ef7Oj1fNccEYtAYgQRm5SGYaHKVhILcaEzml/Rdcsq2IOWHtf9VsQ0MyPa
VwAro6893WeuOoabSIKujsLxWprdLcrxRLf9oFtarqURLaHQIOfmK6lfejov6jqb
8JAB71g65iRxNpMVg4R0NhuinEEnCDGUBfR2udthehWpetfRwmh363JALkbSSslk
2FBiyWqD1Op+KREV0Piffo1f2kHlEp/ju7AArDnu4E/gSL5pu20AG7ZhExZXcT99
g73MHmeWOF5j8xVJHY1vi6uuhOalh7Eb+C26LyF+cQkYEmJD/9CUmkf1rw2bwUji
7ag0zkyNthqLb9kJ+S1/VTTW39ZzaZ8/aqiMcq8r7nuC2z8QH0/Qvh3/IJjUA9lm
Do396py3EDKZ+SS3NhqEMZ9yPT1Hwy71t4sM6pAx9E/GKWBUNm2U2t5owC0dRVQG
DaE9sktIc6q0FOMueUf+Rj9s5gJQOkYmbKbZsQk/CIGhzYl0lL2/WpHNlYHHp9Fo
qH2VVE70EdolEH3mZ26gUtht7joxaLAsFUUtS1dmQaNQ/+MBuXKDdoenbIkOp/D5
CiLPcEmaZIVB6JAhds4p7XkpA1Htqupgs9WqgYxiurjgcHYCJt7BLmYgJt17Wbe4
QxXJgTP4
-----END CERTIFICATE-----
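
The chain described on this page (ASN.1 structure, DER bytes, base64 PEM), as an added Python example that is not part of the original page: it reads DER tag and length headers, walks the nested elements, and converts between DER and PEM. SAMPLE_DER is constructed from the version, serial-number and signature-algorithm bytes of the DER dump above, wrapped in a SEQUENCE header added here; the function names and the "ASN1 SAMPLE" label are assumptions.

```python
import base64
import re

# First four bytes of the page's DER dump: outer SEQUENCE, long-form length.
PAGE_DER_HEADER = bytes.fromhex("30820602")
# Constructed sample: the page's version, serial and signature-algorithm
# bytes (A0 03 ... 05 00) wrapped in a SEQUENCE header added here (30 17).
SAMPLE_DER = bytes.fromhex("3017a003020102020149300d06092a864886f70d01010b0500")

def read_header(buf, pos=0):
    """Return (tag, content_length, header_length) for the TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    if first < 0x80:                       # short form: one length byte
        return tag, first, 2
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or pos + 2 + n > len(buf):
        raise ValueError("indefinite or truncated length (not valid DER)")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n

def walk(buf, pos=0, end=None, depth=0, out=None):
    """List (depth, tag, length) per element, descending into constructed ones."""
    out = [] if out is None else out
    end = len(buf) if end is None else end
    while pos < end:
        tag, length, hlen = read_header(buf, pos)
        body = pos + hlen
        if body + length > end:
            raise ValueError("element runs past its parent")
        out.append((depth, tag, length))
        if tag & 0x20:                     # constructed bit set: children inside
            walk(buf, body, body + length, depth + 1, out)
        pos = body + length
    return out

def der_to_pem(der, label):
    """Base64 the DER bytes, 64 characters per line, between BEGIN/END lines."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"]) + "\n"

def pem_to_der(pem):
    """Strip the armor and any whitespace, then decode back to DER."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if m is None:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(2).split()), validate=True)

if __name__ == "__main__":
    for depth, tag, length in walk(pem_to_der(der_to_pem(SAMPLE_DER, "ASN1 SAMPLE"))):
        print("  " * depth + f"tag=0x{tag:02X} len={length}")
```

The leading `MIIG` of the PEM text above is the base64 form of `30 82 06`, the start of the outer SEQUENCE header in the DER dump, which is why PEM certificates so often begin with `MII`.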