PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
Root CA Certificate Example
This section provides a root CA certificate example and explanations of its data fields.
After reviewing the structure and data fields of PKI certificates, let's look at a popular root CA certificate, "ISRG Root X2" provided by "Let's Encrypt", and see if we can understand what's in it.
Here is the "ISRG Root X2" certificate in PEM format.
-----BEGIN CERTIFICATE-----
MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
/q4AaOeMSQ+2b1tbFfLn
-----END CERTIFICATE-----
Here are data fields of the certificate printed out by the OpenSSL tool:
Data:
    Version: 3 (0x2)
    Serial Number:
        41:d2:9d:d1:72:ea:ee:a7:80:c1:2c:6c:e9:2f:87:52
    Signature Algorithm: ecdsa-with-SHA384
    Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2
    Validity
        Not Before: Sep 4 00:00:00 2020 GMT
        Not After : Sep 17 16:00:00 2040 GMT
    Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X2
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
            EC Public Key:
            pub:
                04:cd:9b:d5:9f:80:83:0a:ec:09:4a:f3:16:4a:3e:
                5c:cf:77:ac:de:67:05:0d:1d:07:b6:dc:16:fb:5a:
                8b:14:db:e2:71:60:c4:ba:45:95:11:89:8e:ea:06:
                df:f7:2a:16:1c:a4:b9:c5:c5:32:e0:03:e0:1e:82:
                18:38:8b:d7:45:d8:0a:6a:6e:e6:00:77:fb:02:51:
                7d:22:d8:0a:6e:9a:5b:77:df:f0:fa:41:ec:39:dc:
                75:ca:68:07:0c:1f:ea
            ASN1 OID: secp384r1
    X509v3 extensions:
        X509v3 Key Usage: critical
            Certificate Sign, CRL Sign
        X509v3 Basic Constraints: critical
            CA:TRUE
        X509v3 Subject Key Identifier:
            7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95
Signature Algorithm: ecdsa-with-SHA384
    30:65:02:30:7b:79:4e:46:50:84:c2:44:87:46:1b:45:70:ff:
    58:99:de:f4:fd:a4:d2:55:a6:20:2d:74:d6:34:bc:41:a3:50:
    5f:01:27:56:b4:be:27:75:06:af:12:2e:75:98:8d:fc:02:31:
    00:8b:f5:77:6c:d4:c8:65:aa:e0:0b:2c:ee:14:9d:27:37:a4:
    f9:53:a5:51:e4:29:83:d7:f8:90:31:5b:42:9f:0a:f5:fe:ae:
    00:68:e7:8c:49:0f:b6:6f:5b:5b:15:f2:e7
Here is my understanding of each data field in the printout. Note that the field names used by OpenSSL are slightly different from the ones we used in the previous tutorial to describe the X.509 standard.
1. "Data: ..." - Maps to the TBS (To Be Signed) Certificate container in the X.509 standard. It holds all data fields that are signed by the digital signature included at the end of the certificate.
1.1. "Version: 3 (0x2)" - Maps to Version Number field in the X.509 standard. It tells us that this certificate uses X.509 version 3 standard.
1.2. "Serial Number: 41:d2:9d:..." - A binary string (it could be a sequence number) used by the issuer to identify this certificate.
1.3. "Signature Algorithm: ecdsa-with-SHA384" - Maps to the Signature Algorithm ID field of the X.509 standard. It tells us that this certificate is digitally signed using ECDSA with the SHA384 hash algorithm.
1.4. "Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2" - Maps to the Issuer Name field of the X.509 standard. It tells us who issued (or signed) this certificate: "ISRG Root X2" from Internet Security Research Group in US.
1.5. Validity ... - Maps to the Validity Period field of the X.509 standard. It tells us that this certificate is valid for 30 years between Jun 4, 2015 and Jun 4, 2035.
1.6. "Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X2" - Maps to the Subject Name field of the X.509 standard. It tells us who owns this certificate: "ISRG Root X2" from Internet Security Research Group in US.
So the Subject Name and the Issuer Name are identical in this certificate. This is referred to as a self-signed certificate. All root CA certificates are self-signed certificates.
1.7. "Subject Public Key Info: ..." - Maps to the Subject Public Key Info container in the X.509 standard. It tells us that the subject's public key is an EC (Elliptic Curve) key on the secp384r1 curve.
1.8. Issuer Unique Identifier (optional) - Not specified in this certificate.
1.9. Subject Unique Identifier (optional) - Not specified in this certificate.
1.10. "X509v3 extensions: ..." - Maps to the X.509 v3 Extensions container in the X.509 standard. It tells us that:
2. and 3. "Signature Algorithm: ecdsa-with-SHA384 ..." - Maps to the Certificate Signature Algorithm and Certificate Signature data fields in the X.509 standard. It tells us the signature algorithm identification and the signature value generated on the TBS Certificate container.
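The field mapping above can be checked against the certificate's DER bytes. The following Python code is an added example, not part of the original tutorial or of OpenSSL: it walks the ASN.1 structure with a small hand-written TLV reader and reports the version, serial number, validity, whether Issuer equals Subject, whether the inner and outer signature algorithms match, and whether Basic Constraints says CA:TRUE. The names children and inspect_root are made up for this example; it compares fields only and leaves verification of the ECDSA signature to OpenSSL.

```python
import base64

# ISRG Root X2, copied from the PEM block shown on this page.
PEM = """-----BEGIN CERTIFICATE-----
MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
/q4AaOeMSQ+2b1tbFfLn
-----END CERTIFICATE-----"""

def children(buf):
    """Split DER contents into (tag, value, raw_tlv) tuples, one per element."""
    out, pos = [], 0
    while pos < len(buf):
        start, tag, length, pos = pos, buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                   # long form: low 7 bits = number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length], buf[start:pos + length]))
        pos += length
    return out

def inspect_root(pem):
    b64 = "".join(ln for ln in pem.splitlines() if not ln.startswith("-----"))
    tbs, sig_alg, _sig = children(children(base64.b64decode(b64))[0][1])  # items 1, 2, 3
    f = children(tbs[1])   # version, serial, alg, issuer, validity, subject, SPKI, extensions
    is_ca = False
    for _, ext, _ in children(children(f[7][1])[0][1]):
        parts = children(ext)               # OID, optional critical flag, OCTET STRING
        if parts[0][1] == bytes.fromhex("551d13"):   # Basic Constraints (OID 2.5.29.19)
            bc = children(children(parts[-1][1])[0][1])
            is_ca = bool(bc) and bc[0][:2] == (0x01, b"\xff")   # BOOLEAN TRUE
    return {
        "version": f[0][1][-1] + 1,         # encoded value 2 means X.509 v3
        "serial": f[1][1].hex(":"),
        "validity": [v.decode() for _, v, _ in children(f[4][1])],  # UTCTime strings
        "issuer_equals_subject": f[3][2] == f[5][2],     # byte-for-byte Name comparison
        "sig_alg_consistent": f[2][2] == sig_alg[2],     # field 1.3 must equal field 2
        "ca": is_ca,
    }
```

Calling inspect_root(PEM) returns a dictionary whose values can be compared line by line with the OpenSSL printout above.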
Based on this understanding, we can derive the following requirements for a root CA certificate: