PKI Certificate Tutorials - Herong's Tutorial Examples
OIDs Used in PKI Certificate
This section introduces OIDs (Object IDentifiers) used in PKI certificates to represent attribute names and predefined reference values.
What Is OID (Object IDentifier)?
An OID is a sequence of numbers that uniquely identifies an object,
which is a reference to a specific "thing" assigned by a related authority.
OIDs are widely used in the X.509 standard to represent attribute names
and predefined reference values.
Here are some examples:
- "1.2.840.10045.3.1.7" -
iso.member-body.us.ansi-x962.curves.prime.prime256v1:
Refers to the "prime256v1" elliptic curve used to generate
private key and public key pairs.
- "1.3.132.0.34" -
iso.org.certicom.curve.ansip384r1:
Refers to the "ansip384r1" elliptic curve used to generate
private key and public key pairs.
- "2.5.29.15" -
joint-iso-itu-t.ds.certificateExtension.keyUsage:
Refers to the Key Usage field name in the Extensions container.
- "2.5.29.19" -
joint-iso-itu-t.ds.certificateExtension.basicConstraints:
Refers to the Basic Constraints field name in the Extensions container.
- "2.23.140.1.2.1" -
joint-iso-itu-t.org.ca-browser-forum.certificate-policies.baseline-requirements.domain-validated:
Refers to the "Domain Validated" certificate policy defined by the CA Browser Forum.
If you see an OID number displayed in a certificate printout,
you can visit the OID Repository at
oid-info.com
to look up the definition of the OID number.
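Inside a certificate file, an OID is not stored as dotted text but as a DER OBJECT IDENTIFIER: tag 0x06, a length byte, the first two numbers packed as 40 * first + second, and every later number in base 128. The following is an added example, not code from this tutorial; the function names are hypothetical, and it converts the OIDs listed above between the two forms so that hex bytes in a certificate dump can be recognized.

```python
# Added example: short names are the last path component given in the text.
PAGE_OIDS = {
    "1.2.840.10045.3.1.7": "prime256v1",
    "1.3.132.0.34": "ansip384r1",
    "2.5.29.15": "keyUsage",
    "2.5.29.19": "basicConstraints",
    "2.23.140.1.2.1": "domain-validated",
}

def _base128(n):
    """Encode one value as big-endian base 128; all but the last byte set 0x80."""
    out, n = [n & 0x7F], n >> 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def encode_oid(dotted):
    """Dotted string -> DER OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    if (len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2
            or (arcs[0] < 2 and arcs[1] > 39)):
        raise ValueError("invalid OID: " + dotted)
    # The first two arcs share one value: 40 * first + second.
    body = b"".join(_base128(v) for v in [arcs[0] * 40 + arcs[1]] + arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length is outside this example")
    return bytes([0x06, len(body)]) + body

def decode_oid(der):
    """DER OBJECT IDENTIFIER -> dotted string, rejecting malformed input."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    body, values, n, at_start = der[2:], [], 0, True
    if body[-1] & 0x80:
        raise ValueError("last arc is truncated")
    for b in body:
        if at_start and b == 0x80:
            raise ValueError("non-minimal arc encoding")
        n, at_start = (n << 7) | (b & 0x7F), False
        if not b & 0x80:
            values.append(n)
            n, at_start = 0, True
    first = min(values[0] // 40, 2)
    return ".".join(str(v) for v in [first, values[0] - 40 * first] + values[1:])

if __name__ == "__main__":
    for oid, name in PAGE_OIDS.items():
        print(f"{oid:22} {name:18} {encode_oid(oid).hex(' ')}")
```

The decoder rejects arcs padded with a leading 0x80 byte, because a tool that accepts such non-minimal encodings can be shown one OID while a stricter parser reads a different byte string.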