This document discusses PKI and certificates. It explains that certificates function like digital signatures and contain identifying information. The document instructs the reader to download a certificate from Google, view its contents using OpenSSL, and explore certificate authorities. It also assigns tasks to explore certificate directories and set up a self-signed root CA certificate. The document is authored by Morten Bo Nielsen and licensed under Creative Commons.

1. Morten Bo Nielsen – mon@eal.dk 1/8
PKI and certificates
ITT2 IT security
2014S

2. Morten Bo Nielsen – mon@eal.dk 2/8
Certificates
Think “signature”
With name
And validation

3. Morten Bo Nielsen – mon@eal.dk 3/8
Assignment X.509 Format
1)Go to https://google.dk
2)Save certificate as .pem
3)openssl x509 -in star.google.dk.pem -noout -text
4)What information is in it
http://en.wikipedia.org/wiki/X.509

4. Morten Bo Nielsen – mon@eal.dk 4/8
Certificate
Authorities

5. Morten Bo Nielsen – mon@eal.dk 5/8
Assignment: Treasure hunting
What is is in
/etc/ssl/certs
/etc/ssl/private
/etc/ssh

6. Morten Bo Nielsen – mon@eal.dk 6/8
Root CA

7. Morten Bo Nielsen – mon@eal.dk 7/8
Assignment: Set up your own
Create a CA root certificate (hint)
Make a signed certificate
Have someone check that it is valid (hint)

8. Morten Bo Nielsen – mon@eal.dk 8/8
Credits & licences
● Content by Morten Bo Nielsen
License: Creative Commons Attribution-NonCommercial-
ShareAlike 3.0 Unported License. (
http://creativecommons.org/licenses/by-nc-sa/3.0/)
● EAL logo might be an issue, please check before you use it