Sample X.509 Certificate
The following figure illustrates a sample X.509 version 3 certificate for Joe Buck at the Acme corporation.
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 01:02:03:04:05:06:07:08
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Florida, O=Acme, Inc., OU=Security, CN=CA Authority/emailAddress=ca@acme.com
        Validity
            Not Before: Aug 20 12:59:55 2013 GMT
            Not After : Aug 20 12:59:55 2013 GMT
        Subject: C=US, ST=Florida, O=Acme, Inc., OU=Sales, CN=Joe Buck
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:be:5e:6e:f8:2c:c7:8c:07:7e:f0:ab:a5:12:db:
                    fc:5a:1e:27:ba:49:b0:2c:e1:cb:4b:05:f2:23:09:
                    77:13:76:57:08:29:45:29:d0:db:8c:06:4b:c3:10:
                    88:e1:ba:5e:6f:1e:c0:2e:42:82:2b:e4:fa:ba:bc:
                    45:e9:98:f8:e9:00:84:60:53:a6:11:2e:18:39:6e:
                    ad:76:3e:76:8d:1e:b1:b2:1e:07:97:7f:49:31:35:
                    25:55:0a:28:11:20:a6:7d:85:76:f7:9f:c4:66:90:
                    e6:2d:ce:76:45:66:be:56:aa:ee:93:ae:10:f9:ba:
                    24:fe:38:d0:f0:23:d7:a1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                email:joe.buck@acme.com
    Signature Algorithm: md5WithRSAEncryption
        a0:94:ca:f4:d5:4f:2d:da:a8:6d:e3:41:6e:51:83:57:b3:b5:
        31:95:32:b6:ca:7e:d1:4f:fb:01:82:db:23:a0:39:d8:69:71:
        31:9c:0a:3b:ce:f6:c6:e2:5c:af:23:f0:d7:ee:87:3e:8a:7b:
        40:03:39:64:a1:8c:29:7d:5b:99:93:fa:23:19:e1:e4:ac:4d:
        13:0f:de:ad:51:27:e3:4e:4b:9f:40:4c:05:fd:f2:82:09:3e:
        46:05:f0:ad:cc:f7:78:25:3e:11:f8:ca:b6:df:f7:37:57:9b:
        63:00:d0:b5:b5:18:ec:38:76:d2:85:a3:c7:24:21:47:ee:f2:
        8c:0d
```
Note
The contents of a certificate file do not look like the information in this figure, which is produced by a certificate utility that takes the certificate file as input. Certificates can be saved in multiple file formats, so their file contents will look very different.
Certificate Fields
A certificate is composed of many fields.
The following table describes the main certificate fields.
Field or Section | Description |
---|---|
Version | X.509 certificates come in two versions: 1 and 3. |
Serial Number | The CA is required to give each certificate it issues a unique serial number. The serial number is unique only among the certificates issued by that CA, not across all certificates. |
Issuer | Distinguished name (DN) of the CA that issued the certificate. |
Validity | Start and end dates of the period during which this certificate is valid. |
Subject | Identity of the certificate. A certificate may identify a person or a computer. In this case, the certificate identifies Joe Buck in the Sales organization of the Acme company in the state of Florida in the United States. |
Public Key | Public key associated with the certificate identity. |
X509v3 Extensions | X.509 version 3 introduced this section so that additional certificate fields may be added. In this case, the identity's email address is included as a Subject Alternative Name field. Note: This section is not available in X.509 version 1. |
Signature | CA's digital signature of the certificate. |
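
The Note and the field table above, as an added example in Go (not part of the original page): one certificate is written in two file formats, DER and PEM, and both parse to the same fields listed in the table. The certificate is a constructed, self-signed stand-in for the Joe Buck sample, so its issuer equals its subject, and it uses a 2048-bit RSA key with a SHA-256 signature instead of the figure's 1024-bit key and MD5; the names `sampleCert` and `describe` and the one-year lifetime are assumptions made here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// sampleCert returns one constructed, self-signed certificate as DER and as PEM.
func sampleCert() (der, pemFile []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	start := time.Date(2013, 8, 20, 12, 59, 55, 0, time.UTC)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(0x0102030405060708),
		Subject: pkix.Name{Country: []string{"US"}, Province: []string{"Florida"},
			Organization: []string{"Acme, Inc."}, OrganizationalUnit: []string{"Sales"}, CommonName: "Joe Buck"},
		NotBefore: start, NotAfter: start.AddDate(1, 0, 0), // one-year lifetime is assumed
		BasicConstraintsValid: true, EmailAddresses: []string{"joe.buck@acme.com"}, // CA:FALSE + email SAN
	}
	der, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return der, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

// describe parses either file format into the fields listed in the table.
func describe(file []byte) (string, error) {
	if blk, _ := pem.Decode(file); blk != nil {
		file = blk.Bytes // strip the PEM armor, leaving the DER bytes
	}
	c, err := x509.ParseCertificate(file)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("Version: %d\nSerial Number: %x\nIssuer: %s\nValidity: %s to %s\nSubject: %s\n"+
		"Public Key: %s\nCA: %t\nSAN email: %v\nSignature Algorithm: %s", c.Version, c.SerialNumber,
		c.Issuer, c.NotBefore.Format(time.RFC3339), c.NotAfter.Format(time.RFC3339), c.Subject,
		c.PublicKeyAlgorithm, c.IsCA, c.EmailAddresses, c.SignatureAlgorithm), nil
}

func main() {
	_, pemFile, _ := sampleCert()
	fmt.Print(string(pemFile))     // what the PEM file actually contains
	fmt.Println(describe(pemFile)) // what a certificate utility reports from it
}
```

The DER form of the same certificate is raw binary beginning with the ASN.1 SEQUENCE tag `0x30`, which is why neither file resembles the utility output in the figure.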