CSR Formats, X.509 Standard, and more...

Sat, 02 May 2026 07:07:33 +0530

What are X.509 certificates? Link to heading

A X.509 is the standard certificate format of signed certificate which contains details like the server’s public key, the domain name it’s valid for, who issued it, how long it’s valid etc.

You don’t really need to memorize the structure, but the idea is that every certificate on the internet follows the same blueprint, so browsers know exactly where to look for things like the public key, issuer, and signature. It’s what makes the whole system interoperable.

The Chain of Trust: Signing TLS

Sat, 25 Apr 2026 18:23:33 +0530

The Trust Problem Link to heading

If you haven’t been following along, this is part of the series Encryption in Transit.

So far, everything sounds nice in theory. You and a server has a public key, you use it to create a pre-computed symmetric key and talk securely, done.

But, how do you even know that public key belongs to the server you think it does? Link to heading

Like, imagine you’re trying to connect to your bank. You ask for its public key, and you get a response containing the public key. Cool. But how do you know it’s really the bank you’re talking to? What if there is an actual attacker sitting and intercepting every request you make to your bank? Which means if you go to bank.com it is actually an attacker trying to portray itself as bank.com and never letting your request reach to the ACTUAL bank.com. In this case, they can just hand you their public key, you happily encrypt everything with it, and now they’re reading all your traffic while pretending to be the bank.

CSR on DevLogs

CSR Formats, X.509 Standard, and more...

What are X.509 certificates? Link to heading

The Chain of Trust: Signing TLS

The Trust Problem Link to heading

But, how do you even know that public key belongs to the server you think it does? Link to heading