Sample X.509 Certificate
Sample X.509 Certificate
The following figure illustrates a sample X.509 version 3 certificate for Joe Buck at the Acme corporation.
Note
The contents of a certificate file does not look like the information in this figure, which is produced by a certificate utility that uses the certificate file as input. Certificates can be saved in multiple file formats, so their file contents will look very different.
Certificate Fields
A certificate is composed of many fields.
The following table describes the main certificate fields.
Field or Section |
Description |
|---|---|
Version |
X.509 certificates come in two versions: 1 and 3. |
Serial Number |
CA is required to provide each certificate it issues a unique serial number. The serial number is not unique for all certificates, only for the certificates issued by each CA. |
Issuer |
DN name of the CA that issued the certificate. |
Validity |
Starting and ending date for which this certificate is valid. |
Subject |
Identity of the certificate. A certificate may identify a person or a computer. In this case, the certificate identifies Joe Buck in the Sales organization of the Acme company in the state of Florida in the United States. |
Public Key |
Public key associated with the certificate identity. |
X509v3 Extensions |
X.509 version 3 introduced this section so that additional certificate fields may be added. In this case, the identity's email address is included as a Subject Alternative Name field. Note This section is not available in X.509 version 1. |
Signature |
CA's digital signature of the certificate. |