FAQ & Glossary
- How do I upload a PEM certificate and KDM key?
- To upload a PEM certificate and KDM key, navigate to the PEM vs KDM, click "Choose File," select your certificate and KDM (ctrl + click), and then click "Upload."
- What is a KDM file?
- A KDM (Key Delivery Message) file contains encryption keys and is used in digital cinema to control the playback of encrypted content.
- Issuer:
- The authority that issued the certificate, verifying the identity of the certificate holder and signing the certificate to attest its validity.
- Subject:
- The entity whose identity the certificate certifies. This can be an individual, a device, or an organization.
- CN (Common Name):
- Represents the entity's name within the certificate. For digital cinema, this often includes the serial number or identifier of the playback server or device.
- OU (Organizational Unit):
- Denotes the department or division of an organization, providing an additional layer of organizational detail in the certificate.
- O (Organization):
- Specifies the legal entity that owns the certificate, typically the organization's full legal name.
- KDM (Key Delivery Message):
- A KDM file contains encryption keys and is used in digital cinema to control the playback of encrypted content.
- X509 Certificate:
- A digital certificate that uses the international X.509 public key infrastructure standard to verify that a public key belongs to the entity described in the certificate.
- PEM (Privacy Enhanced Mail):
- A Base64 encoded DER certificate. PEM certificates are often used to encapsulate the public key of a certificate and are recognizable by the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" tags.
- SM (Security Manager):
- Typically refers to a component within a digital cinema playback server responsible for managing security, including the management of encryption keys.
- SPB (Secure Playback):
- Related to the SM, SPB is commonly found in certificates used by digital cinema servers to ensure secure playback of content.
Certificate Components Explained
Issuer: The authority that issued the certificate, verifying the identity of the holder and signing the certificate to attest its validity.
Example: dnQualifier="Yjjul0jcrmX8wcXp+4VNbkiLlQY=", CN=.signer_dcine_christie, OU=Christie Digital Systems, O=ca.christiedigital.com
Subject: The entity whose identity the certificate certifies. This can be an individual, a device, or an organization.
Example: dnQualifier="AG9NJYwpSLkB+CnKVQT852Bbc1I=", CN=SM.Christie.IMB-S3.2D210041DF7A, OU=Christie Digital Systems, O=ca.christiedigital.com
CN (Common Name): Represents the entity's name within the certificate. For Players this includes SM/Player serial (Security Manager).
Example: Christie IMB-S3 CN=SM.Christie.IMB-S3.2D210041DF7A
Doremi IMS-3000 SPB MD FM SM.Dolby-IMS3000_CID1002_SMPTE-378684
OU (Organizational Unit): Denotes the department or division of an organization, providing an additional layer of organization detail.
O (Organization): Specifies the legal entity that owns the certificate, typically the organization's full legal name.