
X509 (SSL) Certificate Training

Duration: 1 day. The course assumes a basic knowledge of LDAP terminology such as attributes, OIDs and ASN.1 or that participants have taken the 2 day LDAP Basic course.

The course is also available in French.


What are most frequently referred to as SSL certificates are, correctly, named X.509 Certificates. X.509 is one of the DAP series of X.500 standards on which Lightweight Directory Access Protocol (LDAP) is based. The terminology and concepts used in X.509 certificates are exactly the same as those used in LDAP. Some of the horrendous confusion and inconsistency that arises when working with X.509 (SSL) certificates comes from an incomplete understanding of the underlying LDAP/DAP terminology and technology.


Participants will learn about the purpose, terminology and organization of X.509 certificates and their position in the chain of trust used to verify public keys. Certificate Authorities (CAs) and the bewildering array of certificate types commercially available are discussed, as well as certificate chains and bundles. The TLS handshake protocol phase is outlined to show the use of X.509 certificates (in server, client and mutual authentication). Certificate protocols including verification methods (OCSP) are discussed, as well as server techniques used to optimize the process. The major fields of the certificate and the optional V3 extensions are covered (with special emphasis on Subject and subjectAltName). Certificate (PEM and DER) and container formats (PKCS) are covered. Finally, openssl is used as a hands-on example of creation of certificate requests, self-signed certificates and various certificate chaining processes.


The course is intended for personnel involved in security including administrators responsible for certificates, security designers, programmers and support staff involved in debugging security issues.

About the Instructor

Ron Aitchison is the author of Pro DNS and BIND (Apress ISBN 1-59059-494-0). Ron has been involved in communications and networking for more years than he cares to admit and is president and founder of Zytrax, Inc., a company specializing in IP communications (wired and wireless), systems development, training and consulting in Montreal, Canada. He has been involved with Open Source for over 15 years and is the primary author of Tech Stuff, DNS for Rocket Scientists, LDAP for Rocket Scientists and Survival guides - TLS/SSL and SSL (X.509) Certificates, available as free resources for the community.


Module 1: X.509 Background and Theory

Module 2: X.509 Detail

Module 3: X.509 Creation and Manipulation

This is mostly a hands-on section using OpenSSL.

Other courses: DNS Training, X.509 (SSL) Certificate Training, LDAP Training.


Copyright © 1994 - 2024 ZyTrax, Inc.
Page modified: January 20 2022.