Browser 1. Find certificate of www.google.com find out which algorithms are used for hashing. 2. Download corresponding CRL. 3. Open CRL and check its content. Connecting to SSL Services (s_client) 4. Connect to www.fi.muni.cz. 5. Check certificate path. 6. Connect to www.google.cz and save cert to GOOGLE.crt. Format transformations (x509) 7. Decode certificate GOOGLE.crt. 8. Convert a certificate from PEM to DER format. 9. Convert a certificate from DER to PEM format. Cert (x509) 10. Create CSR (certificate signing request) from existing key. 11. Check the content of CSR. 12. Create new cert from existing cert. 13. Create self signed cert(x509 or req). Revocation (s_client, ) 14. Checking OCSP Revocation 1. Obtain the certificate that you wish to check for revocation (s_client). 2. Obtain the issuing certificate. 3. Determine the URL of the OCSP responder(x509). 4. Submit an OCSP request and observe the response(ocsp).