Format of X.509 certificate:
The general format of an X.509 digital certificate is shown in Fig:
- Version:
  - It tells us the version of the certificate format. Default is version 1.
  - Version 2 if Issuer or Subject Unique Identifier is present.
  - Version 3 if one or more extensions are present.
- Serial Number:
  - A unique number within the Certification Authority (CA) associated with the certificate.
- Signature Algorithm Identifier:
  - The algorithm used to sign the certificate along with any associated parameters.
- Issuer Name:
  - The X.500 name of the Certification Authority (CA) that created and signed the certificate.
- Period of Validity:
  - The time frame during which the certificate is valid, specified by the start and end dates.
- Subject Name:
  - The name of the user to whom the certificate refers. It certifies the public key of the subject.
- Subject’s Public Key Information:
  - Includes the public key of the subject and identifies the algorithm for which this key is used, along with any associated parameters.
- Issuer Unique Identifier:
  - An optional field used to uniquely identify the issuing CA.
- Subject Unique Identifier:
  - An optional field used to uniquely identify the subject, especially if the X.500 name has been reused for different entities.
- Extensions:
  - Introduced in version 3, extensions are additional fields providing extra information.
- Signature:
  - This field covers all other fields in the certificate.
  - It contains a hash code of the other fields encrypted with the CA’s private key.
  - Includes the signature algorithm identifier.
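
The field order and the version rule above can be checked directly on the encoded bytes. The following Python is an added example, not part of the original page: it walks the DER encoding of the signed portion of a certificate (the TBSCertificate of RFC 5280, which goes beyond what the page itself describes), maps each element to the fields listed above, and reports the lowest version the optional fields allow. The function names and `sample_tbs` are assumptions, and the sample bytes are constructed placeholders rather than a real certificate.

```python
# Added example (names are assumptions); field order and tags follow RFC 5280.
MANDATORY = ["serial_number", "signature_algorithm", "issuer",
             "validity", "subject", "subject_public_key_info"]
OPTIONAL = {0x81: "issuer_unique_id", 0x82: "subject_unique_id", 0xA3: "extensions"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_tbs(tbs_der):
    """Map the elements of a TBSCertificate SEQUENCE to the certificate fields."""
    tag, body, _ = read_tlv(tbs_der, 0)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        items.append((t, v))
    fields = {"version": 1}                # no [0] element means the default, v1
    if items and items[0][0] == 0xA0:      # [0] wraps an INTEGER encoded as 0, 1 or 2
        fields["version"] = read_tlv(items.pop(0)[1], 0)[1][0] + 1
    if len(items) < len(MANDATORY) or any(t & 0x80 for t, _ in items[:6]):
        raise ValueError("mandatory field missing")
    fields.update(zip(MANDATORY, (v for _, v in items)))
    for t, v in items[len(MANDATORY):]:    # optional trailing fields
        if t not in OPTIONAL:
            raise ValueError(f"unexpected tag 0x{t:02x}")
        fields[OPTIONAL[t]] = v
    return fields

def required_version(fields):              # lowest version the optional fields allow
    if "extensions" in fields:
        return 3
    return 2 if {"issuer_unique_id", "subject_unique_id"} & fields.keys() else 1

def tlv(tag, body):                        # short-form encoder, sample data only
    return bytes([tag, len(body)]) + body

def sample_tbs(version=None, extensions=False):
    """Constructed sample with placeholder bodies, not a real certificate."""
    head = tlv(0xA0, tlv(0x02, bytes([version - 1]))) if version else b""
    tail = tlv(0xA3, tlv(0x30, b"")) if extensions else b""
    return tlv(0x30, head + tlv(0x02, b"\x2a") + tlv(0x30, b"") * 5 + tail)
```

A parsed `version` lower than `required_version(fields)` marks a certificate whose optional fields contradict its declared version, for example extensions in a certificate that omits the version field.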