On certificates...

Russell Bateman
December 2010
last update:

Here's some disparate information on how certificates work. The point is to evolve this one day into a useful document, but for now, we're just collecting information.

Links

Internal structure of an X.509 v3 certificate

How public encryption works (step-by-step)

The following is "sort-of" how it works.

Setting up use of a certificate by Subversion

Because of the issuing authority, my Subversion work could only make use of a certificate generated by Internet Explorer; this file's name ends in .pfx.

Generating the certificate is a browser-based activity involving the web site of the issuing authority or an intermediary. To create the certificate, the instructions from my authority were very simple: take all the defaults.

Then, to generate the certificate file, perform the following steps in Internet Explorer 8.

  1. Tools -> Internet Options -> Content -> (Certificates section) -> Certificates. Select the certificate to use (the one just generated) and click Export.
  2. Click Next and then Yes, export the private key. (This is because you're going to use this certificate to shake hands with a Subversion server.)
  3. Click Next -> Next, then type in a password. Don't use your primary, highly secure password if you're going to note this inside the Subversion servers configuration file, which on Linux is under ~/.subversion.
  4. Click Next. Click Browse, navigate to the place in your filesystem where you wish to put the certificate file, and name the file.
  5. Click Next -> Finish. Your confirmation that this has worked will be an alert, Certificate Export Wizard, that says "The export was successful." Dismiss the alert and wind back to Internet Explorer. The file size will generally be in the neighborhood of 3K.

The instructions for Firefox are similar if you can use a certificate done via that browser.
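The export step above warns against noting a valuable password in the Subversion servers file. As an added example (not part of the original notes), this script reports where such a file stores the export password in plain text and whether other users can read it. The host names, paths and function names are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original page: audit a Subversion "servers" file.

# Report each active ssl-client-cert-password entry that has a value.
# Exit status: 0 = none found, 1 = at least one stored password.
find_stored_cert_passwords() {
    awk '
        /^[ \t]*#/  { next }                  # comment line
        /^[ \t]*\[/ { section = $1; next }    # remember the current [section]
        /^[ \t]*ssl-client-cert-password[ \t]*=[ \t]*[^ \t]/ {
            printf "%s line %d: certificate password stored in plain text\n", section, NR
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Succeed only when group and other have no permissions on the file.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: one server group stores the export password, one does not.
write_sample_servers() {
    cat > "$1" <<'EOF'
[groups]
work = svn.example.com
lab = svn-lab.example.com

[work]
ssl-client-cert-file = /home/user/certs/client.pfx
ssl-client-cert-password = example-export-password

[lab]
ssl-client-cert-file = /home/user/certs/client.pfx
# ssl-client-cert-password left unset: svn prompts for it instead
EOF
}

demo_dir=$(mktemp -d)
write_sample_servers "$demo_dir/servers"
chmod 644 "$demo_dir/servers"
find_stored_cert_passwords "$demo_dir/servers" || echo "-> drop the entry and let svn prompt"
is_private "$demo_dir/servers" || echo "-> chmod 600 the servers file and the .pfx"
rm -rf "$demo_dir"
```

The same `is_private` check applies to the exported .pfx itself, since that file carries the private key.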