Appendix B. X.509 Digital Certificates

X.509, one of the most common formats for signed certificates, is used by Sun Microsystems, Microsoft, VeriSign, IBM, and many other companies for signing e-mail messages, authenticating program code, and certifying many other types of data. In its simplest form, an X.509 certificate contains the following data:

The certificate format version:
X.509 v1, v2, or v3.

The certificate serial number:
An integer assigned by the issuer. Together with the issuer's name, it uniquely identifies the certificate, which is how revocation lists refer to it.

The identifier of the signature algorithm:
The algorithm the CA used to sign the certificate. The identifier consists of the algorithm ID and the parameters passed to the algorithm.

The X.500 name of the signer of the certificate:
This entity is normally a CA. Using this certificate implies trusting the entity that signed it. In some cases, such as root or top-level CA certificates, the issuer signs its own certificate.
The period of validity:
Begin date and end date. Each certificate is valid for only a limited amount of time, described by a start date and time and an end date and time. This period can be as short as a few seconds or almost as long as a century.
The name of the certified entity:
The X.500 Distinguished Name of the entity whose public key the certificate identifies. This field conforms to the X.500 standard, so it is intended to be unique across the Internet (see Section 4.5.1.3 on page 120).
The public key of the certified identity:
The public key of the entity being named, together with an algorithm identifier that specifies which public-key cryptosystem this key belongs to and any associated key parameters.
The signature:
The hash of all the preceding fields, signed with the signer's private key. A verifier recomputes the hash over those same bytes and checks the signature with the signer's public key; a match means the signer vouches that the named entity holds the public key in the certificate. Any change to the preceding fields, however small, invalidates the signature.
All the data in a certificate is encoded using two related standards: Abstract Syntax Notation One (ASN.1), which defines the structure, and the Distinguished Encoding Rules (DER), which fix exactly one byte sequence for each value, so that the signer and every verifier hash the same bytes.
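The following is an added example and is not code from the original appendix: a small DER encoder and decoder that builds a constructed X.509 v3 certificate skeleton with exactly the fields listed above, then parses it back, checks that the inner and outer signature-algorithm fields agree, and tests a date against the validity period. The key bytes and signature bytes are constructed placeholders, not a real key or signature, and the names, serial number and dates are made up; the OIDs are the standard ones for sha256WithRSAEncryption and rsaEncryption.

```python
# Added example (not from the original page): minimal DER encode/decode for the
# X.509 fields listed above.  Key and signature bytes are constructed placeholders,
# NOT a real key or signature; names, serial and dates are made up.
import datetime

# ---- DER encoding: every value is tag, length, contents -----------------------
def der_len(n):
    """Short form below 128, else 0x80|k followed by k big-endian length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(n):  # one spare byte so a set high bit never reads as negative
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:                 # base-128, high bit set on all but the last byte
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def der_name(org, cn):
    """X.500 Name: SEQUENCE of RDN SETs, each holding one (OID, UTF8String) pair."""
    rdn = lambda oid, v: tlv(0x31, tlv(0x30, der_oid(oid) + tlv(0x0C, v.encode())))
    return tlv(0x30, rdn("2.5.4.10", org) + rdn("2.5.4.3", cn))   # O=, CN=

def der_utctime(dt):
    return tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode())

SHA256_RSA = "1.2.840.113549.1.1.11"   # sha256WithRSAEncryption
RSA_ENC = "1.2.840.113549.1.1.1"       # rsaEncryption
NULL = b"\x05\x00"

def build_certificate():
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    alg = tlv(0x30, der_oid(SHA256_RSA) + NULL)                   # AlgorithmIdentifier
    fake_modulus = int.from_bytes(b"\xC3" * 64, "big")             # placeholder, not a real key
    rsa_key = tlv(0x30, der_int(fake_modulus) + der_int(65537))
    spki = tlv(0x30, tlv(0x30, der_oid(RSA_ENC) + NULL) + tlv(0x03, b"\x00" + rsa_key))
    tbs = tlv(0x30,
              tlv(0xA0, der_int(2))                                # [0] EXPLICIT version: v3 is 2
              + der_int(0x1234567890)                              # serialNumber (made up)
              + alg                                                # signature algorithm (inner copy)
              + der_name("Example Org", "Example Root CA")         # issuer
              + tlv(0x30, der_utctime(datetime.datetime(2024, 1, 1))
                    + der_utctime(datetime.datetime(2025, 1, 1)))  # validity
              + der_name("Example Org", "www.example.test")        # subject
              + spki)                                              # subjectPublicKeyInfo
    fake_signature = b"\x00" + b"\x5A" * 64                        # placeholder, not a real signature
    return tlv(0x30, tbs + alg + tlv(0x03, fake_signature))

# ---- DER decoding -------------------------------------------------------------
def read_tlv(buf, pos=0):
    """Return (tag, contents, end) for the element at buf[pos:]; definite lengths only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not valid DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:end], end

def children(body):
    items, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        items.append((tag, value))
    return items

def decode_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_name(body):
    parts = []
    for _, rdn in children(body):
        for _, attr in children(rdn):
            (_, oid), (_, val) = children(attr)
            parts.append(f"{decode_oid(oid)}={val.decode()}")
    return ", ".join(parts)

def decode_time(tag, body):   # 0x17 UTCTime (two-digit year), 0x18 GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.datetime.strptime(body.decode(), fmt)

def parse_certificate(der):
    tag, cert, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("certificate must be exactly one SEQUENCE")
    _, tbs, tbs_end = read_tlv(cert)        # raw TBS bytes are what gets hashed and signed
    (_, sig_alg), (_, sig) = children(cert[tbs_end:])
    fields = children(tbs)
    version = 1                             # no version field at all means v1
    if fields[0][0] == 0xA0:
        version = int.from_bytes(children(fields[0][1])[0][1], "big") + 1
        fields = fields[1:]
    serial, alg, issuer, validity, subject, spki = fields[:6]
    inner_alg = decode_oid(children(alg[1])[0][1])
    outer_alg = decode_oid(children(sig_alg)[0][1])
    if inner_alg != outer_alg:              # RFC 5280 requires the two copies to agree
        raise ValueError("signature algorithm mismatch between TBS and outer field")
    (nb_tag, nb), (na_tag, na) = children(validity[1])
    return {
        "version": version,
        "serial": int.from_bytes(serial[1], "big"),
        "signature_algorithm": inner_alg,
        "issuer": decode_name(issuer[1]),
        "not_before": decode_time(nb_tag, nb),
        "not_after": decode_time(na_tag, na),
        "subject": decode_name(subject[1]),
        "spki_algorithm": decode_oid(children(children(spki[1])[0][1])[0][1]),
        "signature_bits": (len(sig) - 1) * 8 - sig[0],   # BIT STRING: first byte = unused bits
        "tbs_der": cert[:tbs_end],
    }

def is_within_validity(info, at):
    """True when `at` (datetime or ISO-8601 string) lies in [notBefore, notAfter]."""
    if isinstance(at, str):
        at = datetime.datetime.fromisoformat(at)
    return info["not_before"] <= at <= info["not_after"]

if __name__ == "__main__":
    for k, v in parse_certificate(build_certificate()).items():
        print(f"{k:>20}: {v.hex()[:40] + '...' if k == 'tbs_der' else v}")
```

The parser deliberately handles only the fields the appendix lists (it ignores v3 extensions, which follow subjectPublicKeyInfo) and does not verify the signature; for a real certificate, verify the signature over the returned tbs_der bytes with the issuer's public key, or let OpenSSL do the whole job with `openssl x509 -in cert.pem -noout -text`. The mismatch check between the inner and outer algorithm fields is worth keeping in any hand-written parser: an attacker who can make a verifier read the algorithm from the unsigned outer copy can steer it to a weaker algorithm.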
Thanks for listing all the content of a digital certificate. I am not familiar with the encoding standards which you have mentioned. Please do share some info about it too.