3.1.3 Management Server Certificate

A certificate used to participate in this protocol MUST be in X.509 v3 format as defined in [RFC3280]. It MUST also have the following object identifier (OID) extensions defined:

| Extension OID | Description |
|---|---|
| 2.16.840.1.114227.1.1.1 | Encryption public key. The value MUST be an RSA 2048-bit encryption public key, DER encoded. |
| 2.16.840.1.114227.1.1.2 | Encryption public key algorithm. The value MUST be an RSA Unicode string without the terminating NULL character. |
| 2.16.840.1.114227.1.1.3 | Encryption algorithm. The value MUST be an RSA Unicode string without the terminating NULL character. |

These certificates are self-signed, with the issuer and subject being the same, and validity set to 100 years.
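
As an added example (not part of the specification), the following Python checks the three extension values against the requirements above. It assumes the values have already been extracted from the certificate as raw bytes and that "Unicode string" means UTF-16LE, as the sample certificate in this section shows; the function names and the sample key are constructed for illustration.

```python
OIDS = ("2.16.840.1.114227.1.1.1", "2.16.840.1.114227.1.1.2", "2.16.840.1.114227.1.1.3")
OID_KEY, OID_KEY_ALG, OID_ENC_ALG = OIDS

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element; reject non-DER lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf) or buf[pos] == 0:
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80:
            raise ValueError("non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Parse RSAPublicKey ::= SEQUENCE { modulus, publicExponent }; return modulus bits."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    t1, mod, pos = read_tlv(body, 0)
    t2, exp, pos = read_tlv(body, pos)
    if (t1, t2) != (0x02, 0x02) or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    if not mod or not exp or (mod[0] | exp[0]) & 0x80:
        raise ValueError("INTEGER empty or negative")
    return int.from_bytes(mod, "big").bit_length()

def check_extensions(exts):
    """exts: OID -> extension value bytes, already extracted. Returns problems found."""
    problems = [f"missing {oid}" for oid in OIDS if oid not in exts]
    if OID_KEY in exts:
        try:
            if rsa_modulus_bits(exts[OID_KEY]) != 2048:
                problems.append("encryption key is not RSA 2048-bit")
        except ValueError as err:
            problems.append(f"encryption key is not valid DER: {err}")
    for oid in (OID_KEY_ALG, OID_ENC_ALG):
        if oid in exts and exts[oid] != "RSA".encode("utf-16-le"):
            problems.append(f"{oid}: not UTF-16LE 'RSA' without terminating NULL")
    return problems

# Constructed sample: a 2048-bit odd integer stands in for a modulus, exponent 17.
SAMPLE_KEY = (bytes.fromhex("308201080282010100")
              + ((1 << 2047) | 1).to_bytes(256, "big") + bytes.fromhex("020111"))
```

An empty list from `check_extensions` means all three values conform; the self-signed and validity-period properties are outside what this check covers.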

The following is a list of fields and values for a sample domain certificate:

 X.509 Certificate:
 Version: 3
 Serial Number: 54b91b4c1294bfceb4919e76feb1ef6747291d7a
 Signature Algorithm:
   Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
   Algorithm Parameters:
   05 00
 Issuer:
   OU=ems5
   O=ems5
  
 NotBefore: 1/2/2008 11:58 AM
 NotAfter: 1/2/2108 11:58 AM
  
 Subject:
   OU=ems5
   O=ems5
  
 Public Key Algorithm:
   Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
   Algorithm Parameters:
   05 00
 Public Key Length: 2048 bits
 Public Key: UnusedBits = 0
 Certificate Extensions: 3
   2.16.840.1.114227.1.1.1: Flags = 0, Length = 10c
   Unknown Extension type
  
   2.16.840.1.114227.1.1.2: Flags = 0, Length = 6
   Unknown Extension type
  
   0000 52 00 53 00 41 00                 R.S.A.
  
   2.16.840.1.114227.1.1.3: Flags = 0, Length = 6
   Unknown Extension type
  
   0000 52 00 53 00 41 00                 R.S.A.
  
 Signature Algorithm:
   Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
   Algorithm Parameters:
   05 00
 Signature: UnusedBits=0
 Signature matches Public Key
 Root Certificate: Subject matches Issuer
 Key Id Hash(sha1): 49 1f 36 d0 24 e1 2a 05 e1 af a9 14 ce 31 9c 98 53 04 53 a2
 Cert Hash(md5): 98 14 cd 87 ac 14 d0 8f a8 8f 0b 2b 3d 61 b1 bc
 Cert Hash(sha1): cb 55 5b 26 a5 98 e5 ca 22 d0 45 fc 26 3f cb 5f 91 f2 95 27