1

I have obtained the following certificate (I have just paste here, a part of it) via this command : openssl s_client -showcerts -connect ip:port

   1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
   -----BEGIN CERTIFICATE-----
   MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh

I'm wondering the meaning of several particular fields, what 1 s:/ and i:/ stand for ?

Guillaume Paris
  • 119
  • 4
  • Everything outside of the --- BEGIN ---- END block(s) is a hint for humans and will be ignored by all programs. If shows the subject names of the certificate and it's signer. – Robert Apr 28 '20 at 07:06
  • And after the begin certificate, the characters are the public key used for checking digital signature realized by DigiCert Global Root CA ? – Guillaume Paris Apr 28 '20 at 07:09
  • 2
    No the base64 encoded block contains the complete X.509 certificate which includes the public key (and of course the signature of the certificate itself). Paste the base64 encoded content here to see it's ASN.1 components: https://lapo.it/asn1js/ – Robert Apr 28 '20 at 07:10
  • Thanks for the link, very helpful – Guillaume Paris Apr 28 '20 at 07:31

1 Answers1

1

The s:/ is the Subject. This contains the Distinguished Name (DN) information for the certificate. The fields included in a typical SSL certificate are:

  • Common Name (CN)
  • Organization (O)
  • Organizational Unit (OU)
  • Locality or City (L)
  • State or Province (S)
  • Country Name (C)

The i:/ is the Issuer. The Issuer field identifies the entity who has signed and issued the certificate. For SSL certificates, this would contain the the Distinguished Name (DN) information for the Intermediate CA Certificate.

spikey_richie
  • 8,951