Cryptography Tutorials - Herong's Tutorial Examples - v5.41, by Herong Yang
X.509 Certificate Standard
This section describes the X.509 certificate standard - An international standard that defines what should be included in a digital certificate.
X.509 is an international standard for what should be included in a digital certificate. Here is the definition from webpedia.com:
A widely used standard for defining digital certificates. X.509 (Version 1) was first issued in 1988 as a part of the ITU X.500 Directory Services standard. When X.509 was revised in 1993, two more fields were added resulting in the Version 2 format. These two additional fields support directory access control. X.509 Version 3 defines the format for certificate extensions used to store additional information regarding the certificate holder and to define certificate usage. Collectively, the term X.509 refers to the latest published version, unless the version number is stated.
X.509 is published as ITU recommendation ITU-T X.509 (formerly CCITT X.509) and ISO/IEC/ITU 9594-8 which defines a standard certificate format for public key certificates and certification validation. With minor differences in dates and titles, these publications provide identical text in the defining of public-key and attribute certificates.
My understanding of X.509 is that a certificate is required to have the following information:
The content structure of a Version 3 X.509 certificate should look like this:
Certificate: Data: Version: 3 (0x2) Serial Number: 1185572113 (0x46aa6511) Signature Algorithm: dsaWithSHA1 Issuer: C=CA, ST=Herong State, L=Herong City, ... Validity Not Before: Apr 1 21:35:13 2007 GMT Not After : Jun 30 21:35:13 2007 GMT Subject: C=CA, ST=Herong State, L=Herong City, ... Subject Public Key Info: Public Key Algorithm: dsaEncryption DSA Public Key: pub: 00:b0:61:2b:c1:88:0e:19:66:58:37:b5:... ... P: 00:fd:7f:53:81:1d:75:12:29:52:df:4a:... ... Q: 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:... ... G: 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:... ... Signature Algorithm: dsaWithSHA1 30:2c:02:14:6c:21:f3:43:b5:4f:d5:3d:2e:23:89:45:0... ...
X.509 defines how a certificate contents should be written. But it does not define how certificate contents should be encoded to store in files.
Two commonly used encoding schemas are used to store X.509 certificates in files, DER and PEM, as described in next sections.
Table of Contents