This is what I thought as well, until I have seen some certificates having MD5 as the signature hash algorithm and SHA1 as the fingerprint/thumbprint algorithm. Based on this the Fingerprint/thumbprint cannot be the Digital signature of the CA. What I think now is that the fingerprint is just a simple Hash of the certificate, something similar to the Authority Key Identifier or Subject Key Identifier which are Hashes of the pubic keys.
But the question is then where is the encrypted hash of the certificate(aka digital signature) ? Thannks! On Wed, Oct 12, 2011 at 12:51 PM, waleed ' <[email protected]> wrote: > I think it is the Fingerprint , it is encrypted using private key of CA > server and the client decode using ca public key and make hashing for the > certificate and compare withe the decoded finger print > > ------------------------------ > Date: Wed, 12 Oct 2011 10:42:20 -0700 > From: [email protected] > To: [email protected] > Subject: [OSL | CCIE_Security] Digital certificates > > > Hi guys, > > In PKI, CA will digitally sign every certificate as a proof that he was the > one who emitted the certificate . > This means that it will use it's private key to encrypt the hash product of > the certificate. > Where can I find this information when I look at a certificate? Which > component of a certificate is the Digital Signature > of the CA. > > Thanks! > Oszkar > > _______________________________________________ For more information > regarding industry leading CCIE Lab training, please visit > www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
