An entity may use a public key that belongs to some other entity, for example to verify a digital signature made by that entity or to encrypt a message that only the holder of the corresponding private key can decrypt. An entity that uses a public key in this way must have some assurance that the key is valid and actually belongs to the assumed entity. An entity that relies on the validity of a public key and on its binding to the associated entity is called a relying party. This reliance is based on a public-key certificate.
A public-key certificate is a signed electronic document that binds a public key to information about the entity holding that key and the corresponding private key.
Figure 4 shows a simplified picture of a public-key certificate.
A public-key certificate is issued to an entity in possession of a key pair. The public key is placed in the public-key certificate, and the distinguished name of the entity is placed in the subject field. In this way, a public-key certificate provides a binding between the name of an entity and the corresponding key pair, as identified by the public key.
Such a public-key certificate provides no real assurance unless it is issued by a trustworthy third party called a Certification Authority (CA). The distinguished name of this CA is provided in the issuer field of the public-key certificate. To prove that the public-key certificate was in fact issued by this CA, the CA signs the certificate with its own private key. To verify that signature, the relying party also needs the public key of the issuing CA, and it must obtain that key through some means it already trusts (for example a pre-installed trust anchor), since a certificate cannot vouch for the key that verifies it.
The public-key certificate format has been revised several times, each revision defining a new version. The certificate shown in figure 4 is a so-called version 3 public-key certificate. The version is given in the version field. Because the field defaults to version 1 and is omitted from the encoding when it has the default value, a certificate with no version field is a version 1 certificate; version 3 is required whenever extensions are present.
Every public-key certificate issued by a CA must have a unique serial number, placed in the serial number field. The serial number together with the distinguished name of the CA uniquely identifies a public-key certificate, and this pair is how a revocation list names a certificate. RFC 5280 requires the serial number to be a positive integer of at most 20 octets.
The signature component of the to-be-signed part identifies the signature algorithm used by the issuer to construct the signature on the certificate. This is a redundant component, as the same information is carried in the signatureAlgorithm component that accompanies the signature value itself. The component was already included in the first edition of X.509, and as it is mandatory it cannot be removed without invalidating existing implementations. RFC 5280 mandates that this component be equal to the algorithm identifier in the issuer's signature; X.509 itself says nothing on the issue. The redundancy matters to verifiers: the outer identifier is not covered by the signature, so a verifier should check that the two identifiers agree and reject the certificate if they do not, rather than letting the unsigned copy choose the algorithm.
The issuer component holds the distinguished name of the CA that issued and signed the certificate.
The validity component limits each certificate to a period of time, described by a start date and time and an end date and time; the period can be as short as a few seconds or almost as long as a century. The validity period chosen depends on a number of factors, such as the strength of the key used to sign the certificate or the amount one is willing to pay for a certificate. It is the expected period during which entities can rely on the public key, provided the associated private key has not been compromised; a key compromised before the end of the period must be dealt with by revoking the certificate, since expiry alone gives no protection.
The subject component holds the name of the entity to which the certificate is issued. It is an X.500 distinguished name. In principle this name has to be globally unique, but there is no naming authority in place to ensure that. At the very least, a CA must not use the same subject name for different entities.
The Subject Alternative Name extension allows alternative names (for example DNS names, e-mail addresses or IP addresses) to be assigned to a subject. If this extension is present and flagged critical, the distinguished name in the subject component may be an empty name; RFC 5280 permits an empty subject only in that combination.
The public key information (subjectPublicKeyInfo) component holds the public key associated with the subject entity, together with an algorithm identifier that says which algorithm the key belongs to (for example RSA, or an elliptic-curve algorithm with its curve as parameter) and therefore how the key may be used.
To avoid continually changing the format of the certificate, the concept of extensions was developed. An extension allows new fields or characteristics to be added to a certificate: each extension is identified by an object identifier giving its type and carries the actual new field, along with a flag stating whether it is critical, that is, whether a relying party that does not understand the extension must reject the certificate. The format and the defined extensions are given on the X.509 Extensions page.
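The following Go program is an added example, not code from this page or from the X.500/X.509 standards; it uses the Go standard library's crypto/x509 to show the fields discussed above on real certificates. It issues a constructed self-signed CA certificate and an end-entity certificate signed by it (the names "Example Root CA" and "www.example.com", the serial numbers 1 and 4242, the validity periods and the choice of ECDSA P-256 are all assumptions made for the example), checks that the end-entity certificate verifies under the CA's public key, checks that an empty subject comes with a critical subjectAltName, and implements the RFC 5280 rule that the inner signature identifier must equal the outer signatureAlgorithm: SwapOuterAlgorithm relabels the unsigned outer identifier to demonstrate the tampering that the check catches (crypto/x509's own parser rejects such a certificate as well).

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"time"
)

var oidECDSAWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3} // used only to relabel a signature

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// IssueChain builds a constructed self-signed CA and an end-entity certificate signed by it
// (names, serial numbers and validity periods are illustrative assumptions).
func IssueChain() (ca, leaf *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // issuer DN + serial must name exactly one certificate
		Subject:               pkix.Name{CommonName: "Example Root CA", Organization: []string{"Example"}},
		NotBefore:             now,
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{}, // empty DN: the name lives in subjectAltName, which must then be critical
		DNSNames:     []string{"www.example.com"},
		NotBefore:    now,
		NotAfter:     now.AddDate(0, 0, 90),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	// CreateCertificate sets version v3, copies the parent's subject into issuer and signs with the parent key.
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	return ca, leaf
}

// SANIsCritical reports the criticality flag of the subjectAltName extension (OID 2.5.29.17).
func SANIsCritical(c *x509.Certificate) bool {
	for _, e := range c.Extensions {
		if e.Id.Equal(asn1.ObjectIdentifier{2, 5, 29, 17}) {
			return e.Critical
		}
	}
	return false
}

// Outer Certificate SEQUENCE, and the leading TBSCertificate fields up to the inner
// algorithm identifier; encoding/asn1 tolerates the trailing TBS fields left undeclared.
type rawCertificate struct {
	TBSCertificate     asn1.RawValue
	SignatureAlgorithm pkix.AlgorithmIdentifier
	SignatureValue     asn1.BitString
}
type tbsHeader struct {
	Version      int `asn1:"optional,explicit,default:0,tag:0"`
	SerialNumber *big.Int
	Signature    pkix.AlgorithmIdentifier
}

// AlgorithmsMatch is the RFC 5280 consistency check: the outer signatureAlgorithm, which the
// signature does not cover, must equal tbsCertificate.signature, which it does cover.
func AlgorithmsMatch(der []byte) (bool, error) {
	var outer rawCertificate
	var inner tbsHeader
	if _, err := asn1.Unmarshal(der, &outer); err != nil {
		return false, err
	}
	if _, err := asn1.Unmarshal(outer.TBSCertificate.FullBytes, &inner); err != nil {
		return false, err
	}
	return inner.Signature.Algorithm.Equal(outer.SignatureAlgorithm.Algorithm) &&
		bytes.Equal(inner.Signature.Parameters.FullBytes, outer.SignatureAlgorithm.Parameters.FullBytes), nil
}

// SwapOuterAlgorithm relabels the unsigned outer identifier, keeping the signed
// TBSCertificate and the signature bits intact: a constructed tampering case.
func SwapOuterAlgorithm(der []byte, oid asn1.ObjectIdentifier) ([]byte, error) {
	var c rawCertificate
	if _, err := asn1.Unmarshal(der, &c); err != nil {
		return nil, err
	}
	c.SignatureAlgorithm = pkix.AlgorithmIdentifier{Algorithm: oid}
	return asn1.Marshal(c)
}
```

After IssueChain, leaf.Issuer equals ca.Subject, leaf.Version is 3, leaf.CheckSignatureFrom(ca) succeeds while leaf.CheckSignatureFrom(leaf) fails because the end-entity certificate carries no CA basic constraint, and SANIsCritical(leaf) is true because the subject is empty. AlgorithmsMatch compares the algorithm parameters as well as the object identifier, which matters for schemes such as RSA-PSS where the parameters select the hash.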