Name (CN)

This field contains the name of the applicant as it was transmitted to the CA with the application for the certificate.

This may sometimes include the email address in the following form

Email: john.doe@mycompany.tld

. Generally, however, email addresses are no longer accepted as "CN".

Email address

Email address of the applicant. This can also be a collective address (shared mailbox).

Org. unit (OU)

Organisational unit, such as a department name, e.g. "Accounting"

Organisation (O)

Specifies the organisation for which the certificate was issued, for example

My Company Corporation

Locality (L)

Location, for example a town like "Neuenhof" or also a partial building like

Plant 2

State (ST)

Federal state, canton, province or similar, for example

Paradigm State

Country (C)

Country, for example

com

for "commercial"

Serial no.

Serial number of the certificate

Name (CN)

Name of the issuing certification authority

Email address

Generally, this is an email address for support enquiries to the issuer

Org. unit (OU)

Specifies an organisational unit of the issuer

Organisation (O)

Specifies the issuing organisation

Locality (L)

Indicates the location of the issuer

State (ST)

Indicates a federal state, canton, province or similar where the issuer is located

Country (C)

Specifies the country where the issuer is located

Serial no.

Serial number of the certificate

Issued on

Issue date of the certificate

Expires on

Expiration date of the certificate

SHA1

SHA1 fingerprint of the certificate

Example:

D8:CF:CC:47:84:92:A9:F0:7E:2A:15:E8:2E:4F:CA:26:5C:60:10:E9

SHA256

SHA265 fingerprint of the certificate

Example:

83:06:F6:84:34:C2:E7:79:50:47:7B:EC:32:B7:22:13:FD:1F:9C:41:B4:B4:F9:C3:AB:85:12:AA:6B:1E:D2:BE

S/MIME signing

digitalSignature/digital signature

S/MIME encryption

keyEncipherment/key encryption

CA certificate

keyCertSign/certificate signature

Allow decryption

By default, this option is active.

Shows whether this certificate is used for decrypting emails to the applicant (Issued to).

By default, all certificates available for the user are used for decryption.

Allow signing

By default, this option is active.

Shows whether this certificate may be used for signing. In general, the key with the longest validity period is used for signing emails (see also Mail Processing Ruleset generator Signing Outgoing e-mails third note). However, if certificates are to be explicitly excluded from this, this can be done at this point.

Signature algorithm

Shows the signature algorithm of the certificate, for example

•md5WithRSAEncryption

•sha1WithRSAEncryption

•sha256WithRSAEncryption

Key type

Displays the crypto system with which the key has been generated.

Generally, this is RSA.

Key size

Shows the key length.

Generally, only key lengths of 2048 bit and more are used.

Last certificate check

Displays the point in time of the last certificate check (via CRL or OCSP).

With the button Check now... you can force an immediate check of the revocation information.

Last successful certificate check

Displays the date of the last successful OCSP and/or CRL check.

Last check result

Displays the result of the last certificate check.

OCSP URI

Outputs the authority information access (abbreviated AIA) - i.e. the OCSP path.

This item is only visible if the extension authority information access is set in the certificate.

CRL URI

Outputs the crlDistributionPoint (distribution point for revocation lists), i.e. the location under which the CRL is made available.

This item is only visible if the extension crlDistributionPoint is set in the certificate.

Public/private key

Specifies which keys are included, private, public or both.

Key origin

Shows which CA signed the public key.