Sample X.509 Certificate

The following figure illustrates a sample X.509 version 3 certificate for Joe Buck at the Acme corporation.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:02:03:04:05:06:07:08
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Florida, O=Acme, Inc., OU=Security, CN=CA Authority/emailAddress=ca@acme.com
        Validity
            Not Before: Aug 20 12:59:55 2013 GMT
            Not After : Aug 20 12:59:55 2013 GMT
        Subject: C=US, ST=Florida, O=Acme, Inc., OU=Sales, CN=Joe Buck
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:be:5e:6e:f8:2c:c7:8c:07:7e:f0:ab:a5:12:db:
                        fc:5a:1e:27:ba:49:b0:2c:e1:cb:4b:05:f2:23:09:
                        77:13:75:57:08:29:45:29:d0:db:8c:06:4b:c3:10:
                        88:e1:ba:5e:6f:1e:c0:2e:42:82:2b:e4:fa:ba:bc:
                        45:e9:98:f8:e9:00:84:60:53:a6:11:2e:18:39:6e:
                        ad:76:3e:75:8d:1e:b1:b2:1e:07:97:7f:49:31:35:
                        25:55:0a:28:11:20:a6:7d:85:76:f7:9f:c4:66:90:
                        e6:2d:ce:73:45:66:be:56:aa:ee:93:ae:10:f9:ba:
                        24:fe:38:d0:f0:23:d7:a1:3b
                    Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                email:joe.buck@acme.com
    Signature Algorithm: md5WithRSAEncryption
        a0:94:ca:f4:d5:4f:2d:da:a8:6d:e3:41:6e:51:83:57:b3:b5:
        31:95:32:b6:ca:7e:d1:4f:fb:01:82:db:23:a0:39:d8:69:71:
        31:9c:0a:3b:ce:f6:c6:e2:5c:af:23:f0:d7:ee:87:3e:8a:7b:
        40:03:39:64:a1:8c:29:7d:5b:99:93:fa:23:19:e1:e4:ac:4d:
        13:0f:de:ad:51:27:e3:4e:4b:9f:40:4c:05:fd:f2:82:09:3e:
        46:05:f0:ad:cc:f7:78:25:3e:11:f8:ca:b6:df:f7:37:57:9b:
        63:00:d0:b5:b5:18:ec:38:73:d2:85:a3:c7:24:21:47:ee:f2:
        8c:0d


Note

The contents of a certificate file do not look like the information in this figure, which is produced by a certificate utility that uses the certificate file as input. Certificates can be saved in multiple file formats, so their file contents will look very different.

Certificate Fields

A certificate is composed of many fields.

The following table describes the main certificate fields.

| Field or Section | Description |
|---|---|
| Version | X.509 certificates come in two versions: 1 and 3. |
| Serial Number | A CA is required to give each certificate it issues a unique serial number. The serial number is not unique across all certificates, only among the certificates issued by each CA. |
| Issuer | Distinguished name (DN) of the CA that issued the certificate. |
| Validity | Start and end dates of the period during which this certificate is valid. |
| Subject | Identity of the certificate. A certificate may identify a person or a computer. In this case, the certificate identifies Joe Buck in the Sales organization of the Acme company in the state of Florida in the United States. |
| Public Key | Public key associated with the certificate identity. |
| X509v3 Extensions | X.509 version 3 introduced this section so that additional certificate fields may be added. In this case, the identity's email address is included as a Subject Alternative Name field. Note: This section is not available in X.509 version 1. |
| Signature | CA's digital signature of the certificate. |
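
As an added example (not part of the original page, and not the code of any certificate utility), the following Python reads the main fields described above out of a text dump laid out like the sample certificate and flags three properties a reviewer would question in that sample: the MD5 signature hash, the 1024-bit RSA key, and the identical Not Before and Not After timestamps. The function names and the 2048-bit threshold are assumptions of this example.

```python
import re
from datetime import datetime

# Excerpt of the page's sample dump (modulus and signature bytes omitted).
SAMPLE = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Florida, O=Acme, Inc., OU=Security, CN=CA Authority/emailAddress=ca@acme.com
        Validity
            Not Before: Aug 20 12:59:55 2013 GMT
            Not After : Aug 20 12:59:55 2013 GMT
        Subject: C=US, ST=Florida, O=Acme, Inc., OU=Sales, CN=Joe Buck
                RSA Public Key: (1024 bit)
"""

def parse_dump(text):
    """Pull the main certificate fields out of a text dump laid out as above."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None
    def when(stamp):
        return datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT") if stamp else None
    bits = grab(r"Public[- ]Key: \((\d+) bit\)")
    return {
        "version": int(grab(r"^\s*Version: (\d+)") or 0),
        "sig_alg": grab(r"^\s*Signature Algorithm: (\S+)"),
        "issuer": grab(r"^\s*Issuer: (.+)$"),
        "subject": grab(r"^\s*Subject: (.+)$"),
        "not_before": when(grab(r"Not Before\s*: (.+)$")),
        "not_after": when(grab(r"Not After\s*: (.+)$")),
        "key_bits": int(bits) if bits else None,
    }

def audit(cert, min_rsa_bits=2048):
    """Return review findings; the thresholds are this example's assumptions."""
    findings = []
    if re.match(r"(md2|md5|sha1)With", cert["sig_alg"] or "", re.I):
        findings.append("weak signature hash: " + cert["sig_alg"])
    if cert["key_bits"] and cert["key_bits"] < min_rsa_bits:
        findings.append("RSA key is %d bits, below %d" % (cert["key_bits"], min_rsa_bits))
    if cert["not_before"] and cert["not_after"] and cert["not_after"] <= cert["not_before"]:
        findings.append("validity period is empty")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_dump(SAMPLE))))
```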