PKI Tutorials - Herong's Tutorial Examples - v2.32, by Herong Yang
PKI Tutorials - Herong's Tutorial Examples
https://www.herongyang.com/PKI
Copyright © 2010-2022 Herong Yang. All rights reserved.
This tutorial book is a collection of notes and sample codes written by the author while he was learning PKI (Public Key Infrastructure) technologies himself. Topics include Root CA (Certificate Authorities); SSL, TLS, and HTTPS; Server and client authentication processes; Communication data encryption; Using HTTPS with Chrome, Firefox, Edge, Safari and Internet Explorer; Managing certificates on Windows, macOS, iOS and Android systems; X.509 certificate format; Certificate store and management tools; Certificate validation chain; Self-signed certificate and CSR; Digital signature on MS Word and OpenOffice documents; Get free personal certificate from Comodo. Updated in 2022 (Version v2.32) with macOS and Safari tutorials.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
What Is PKI (Public Key Infrastructure)
Usage Examples of Public Key Infrastructure
Most Popular Certificate Authorities
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
What Is HTTPS (Hypertext Transfer Protocol Secure)?
HTTPS Server Authentication Process
HTTPS Communication Data Encryption
Using HTTPS with Google Chrome
Visiting "https" Website with Google Chrome
Viewing Server Certificate in Google Chrome
Viewing Server Certificate Path in Google Chrome
Exporting Server Certificate to File in Google Chrome
Viewing Trusted Root CA Certificates in Google Chrome
Listing of Trusted Root CA in Google Chrome
Exporting Root Certificate to File from Google Chrome
Deleting Root CA Certificates from Google Chrome
Google Chrome Shares Windows PKI with IE
Using HTTPS with Mozilla Firefox
Visiting "https" Website with Mozilla Firefox
Viewing Server Certificate in Mozilla Firefox
Server Certificate General Information
Viewing Server Certificate Path in Mozilla Firefox
Exporting Server Certificate to File in Mozilla Firefox
Viewing Pre-Installed Certificates in Mozilla Firefox
Listing of Trusted Root CA in Mozilla Firefox
Exporting Certificate to File from Mozilla Firefox
Deleting Root CA Certificates from Mozilla Firefox
Mozilla Firefox Displaying Certificate Error Page
Adding Security Exception in Mozilla Firefox
Failing to Import Root CA Certificates to Mozilla Firefox
Certificate Trust Settings in Mozilla Firefox
Visiting "https" Website with Apple Safari
Showing Server Certificate in Apple Safari
Viewing Certificate Details in Apple Safari
View Server Certificate Path in Apple Safari
Export Server Certificate to File from Safari
View Trusted Root CA Certificates in Safari
HTTPS with IE (Internet Explorer)
Visiting "https" Website with IE
Viewing Server Certificate Details in IE
Viewing Server Certificate Path in IE
Installing Server Certificate Permanently in IE
Viewing Certificates in Certificate Stores in IE
Listing of Trusted Root CA in IE
Exporting Certificate to File from IE
Saving Server Certificate to File with IE
IE Supporting Multiple Certificate Paths
IE Reinstalling Root Certificates Automatically
Windows Automatic Root Update Mechanism
Android and Server Certificate
Visiting "https" Website with Chrome on Android Phone
"Your connection is not private" with Chrome on Android Phone
Viewing Server Certificate with Chrome on Android Phone
Viewing Server Certificate Path with Chrome on Android Phone
Trusted Certificate Store on Android phone
Downloading Trusted Root Certificate on Android phone
Installing Trusted Root Certificate on Android phone
Installing Website Server Certificate on Android Phone
Visiting "https" Website with Safari on iOS 10 iPhone
"Cannot Verify Server Identity" with Safari on iOS 10
Visiting "https" Website with Chrome on iOS 10 iPhone
"Your connection is not private" with Chrome on iOS 10
Installing Website Server Certificate on iOS 10 iPhone
Trusted Certificate Store on iOS 10 iPhone
Install Trusted Root Certificate on iOS 10 iPhone
View Certificate Profile on iOS 10 iPhone
Enable Full Trust for Root Certificate on iOS 10 iPhone
Windows Certificate Stores and Console
Microsoft Management Console (MMC)
Creating Certificate Console as a MMC Snap-In
Exporting a List of Root CA Certificates
Viewing Certificate Properties and Purposes
Exporting a Root CA Certificate to a File
Deleting a Root CA Certificate
Importing a Root CA Certificate from a File
Disabling a Root CA Certificate
RDP (Remote Desktop Protocol) and Server Certificate
Running "Remote Desktop Connection" Using RDP
Showing RDP Server Certificate Failed Error
Viewing and Installing RDP Server Certificate
RDP Server Certificate Location
macOS Certificate Stores and Keychain Access
What Is Keychain Access on macOS
Listing of Trusted Root CA in macOS
Exporting Root Certificate to File from macOS
Delete/Untrust Certificates from macOS
Unlock Keychain to Access Certificate on macOS
Import Server Certificates to macOS
Create My Own Root CA on macOS
Review My Root CA Certificate on macOS
Review Private Key of My CA Certificate on macOS
Generate CSR (Certificate Signing Request) on macOS
Issue New Certificate with My CA on macOS
Verify Certificate Signed by My CA on macOS
Keychain File Locations on macOS
CA Certificates at "/etc/ssl | /private/etc/ssl"
Perl Scripts Communicating with HTTPS Servers
Installing Crypt::SSLeay 0.72 on Windows
LWP SSL verify_hostname Setting
LWP SSL List of Root CA Certificates
Crypt::SSLeay Test Perl Script
HTTPS Request and Response Example
Asking Crypt::SSLeay to Verify Server's Certificate
Crypt::SSLeay Failing to Verify Server's Certificate
Multiple CA Certificates in a Single File
PHP Scripts Communicating with HTTPS Servers
Configuring PHP OpenSSL on Windows
Testing OpenSSL with file_get_contents()
SSL Context Options for OpenSSL
Asking OpenSSL to Verify Server's Certificate
OpenSSL Failing to Verify Server's Certificate
Multiple CA Certificates in a Single File
Testing OpenSSL with fsockopen()
Adding CA Certificates for the PHP Engine
Testing OpenSSL with stream_socket_client()
Java Programs Communicating with HTTPS Servers
Java Secure Socket Extension (JSSE)
Using openStream() Method in java.net.URL Class
javax.net.ssl.trustStore System Property
Default Trusted KeyStore File - cacerts
PKIX Path Building Failed - No CA Certificate
Using openConnection() Method in java.net.URL Class
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
Installing CAcert.org Root CA in Firefox
Installing CAcert.org Root CA in IE
Adding and Validating Domain Names
Generating Certificate Signing Request (CSR)
Getting Server Certificate Signed by CAcert.org
PKI CA Administration - Issuing Certificates
Comodo Free Personal Certificate
Applying Free Personal Certificate at Comodo
Installing Comodo Personal Certificate with Firefox
Viewing Comodo Personal Certificate in Firefox
Backing up Comodo Personal Certificate from Firefox
Exporting Public Key Certificate from Firefox
Installing Comodo Personal Certificate with Chrome
Installing Comodo Personal Certificate to Windows
Viewing Comodo Personal Certificate in Windows
Digital Signature - Microsoft Word
Digital Signature - OpenOffice.org 3
OpenOffice.org 3 - Applying Digital Signatures
Converting KeyStore Files to PKCS12 Files
Importing Private-Public Key Pair with Internet Options
Viewing a Certificate with a Private Key
Importing CA Certificates into the Trusted Store
Signing OpenOffice.org 3 Document Failed
Generating CSR for a Personal Certificate
Getting Personal Certificate Signed by CAcert.org
Storing Personal Certificate with Its Keys
Installing Personal Certificate with Internet Options
Signing OpenOffice.org 3 Document Worked
Digital Signature Scheme for Email Messages
A Simple Email Message Example
Email Messages with Attachments using MIME
Email Messages with Digital Signatures using S/MIME
Encrypted Email Messages using S/MIME
Digital Signature and Encryption in Outlook
Email Security Settings in Outlook
Valid Certificate Required in Outlook
Message Security Properties in Outlook 2007
Firefox Extension - Gmail S/MIME
PKI (Public Key Infrastructure) Terminology
Archived: Viewing Server Certificate in Chrome 40
Archived: Viewing Server Certificate in Firefox 35
Archived: Viewing Pre-Installed Certificates in Firefox 35
Archived: Firefox 35 Displaying Certificate Error Page
Archived: Adding Security Exception in Firefox 35
Archived: Windows XP Component "Update Root Certificates"
Archived: Creating Certificates Console on Windows XP
Archived: Applying Digital Signatures with Word 2007
Archived: Creating a Digital ID and Sign Word Documents
Archived: Viewing Digital ID Created by MS Word
Archived: Obtaining a Trial Digital ID from ARX CoSign
Archived: Viewing Digital ID Obtained from ARX CoSign
Archived: Windows XP Component - Removing "Update Root Certificates"
Archived: IE 8 Displaying Certificate Error Page
Archived: IE 8 Displaying Certificate Error Icon
Archived: Viewing Certificate Path Validation Error in IE 8
Keywords: PKI, Public, Key, Infrastructure, Security