Change search
ReferencesLink to record
Permanent link

Direct link
DANE with OpenSSL: PKIX certificate authentication throughDNS using OpenSSL
Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology.
2012 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]


X.509 is an ITU standard for a public key infrastructure (PKI), which specifies, among other things, formats for public key certificates, certificate requests, certificate revocation lists and certification path validation algorithm. The X.509 standard was primarily designed to support the X.500 structure. However, today’s use cases centre mostly on the Internet. IETF’s Public-Key  Infrastructure (X.509) working group has adapted the standard to the requirements and structure  of the Internet. RFC 5280 specifies the PKIX Certificate and CRL Profile of the X.509v3 certificate standard. PKIX certificates are used for validating the identity or identities of the communicating parties, and optionally establishing secure keying material for protection  of a message or a communications channel. Authentication and establishment of a secure communications channel on top of TCP with the Transport Layer Security protocol (TLS, RFC 5247) or the Secure Sockets Layer protocol (SSL) is probably the most common application of PKIX on the Internet. The IETF is converging on a standard for integration of X.509 Public Key Infrastructure with DNS and DNSSEC (DANE). In order to reach wide adoption, the concept must be validated through interoperability tests between multiple independent implementations.


An implementation of the DANE standard has been demonstrated  through an extension to the OpenSSL library. All use cases in the DANE standard has been validated to work as documented in the standard.


The DANE standard is implementable and reaches the results it sets out to achieve.

Place, publisher, year, edition, pages
IT, 12 027
National Category
Engineering and Technology
URN: urn:nbn:se:uu:diva-176749OAI: diva2:537024
Educational program
Bachelor Programme in Computer Science
Available from: 2012-06-28 Created: 2012-06-25 Last updated: 2012-06-28Bibliographically approved

Open Access in DiVA

fulltext(461 kB)581 downloads
File information
File name FULLTEXT02.pdfFile size 461 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Department of Information Technology
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 581 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 368 hits
ReferencesLink to record
Permanent link

Direct link