Tuesday, November 9, 2021

X.509 Certificate Format | Purpose of X.509 Certificate | Different Versions of X.509 Certificate

 

Introduction

X.509 provides authentication services and defines authentication protocols. X.509 uses the X.500 directory, which contains public-key certificates and the public keys of users, signed by a certification authority.

The X.509 certificate format is used in S/MIME, IP Security, and SSL/TLS. X.509 is based on the use of public-key cryptography (preferably RSA) and digital signatures.


Figure: X.509 Certificate Format

Version: Differentiates among successive versions of the certificate format; the default is version 1. Two other versions (2 and 3) are also available as shown in the figure.

Serial number: An integer value, unique within the issuing CA, different for each certificate.

Signature algorithm identifier: The algorithm used to sign the certificate, together with any associated parameters. Example: sha256RSA

Issuer name: X.500 name of the CA that created and signed this certificate.

Period of validity: Consists of two dates: the first and last on which the certificate is valid.

Subject name: The name of the user to whom this certificate refers.

Subject's public-key information: The public key of the subject, plus an identifier of the algorithm for which this key is to be used, together with any associated parameters.

Issuer unique identifier: An optional bit string field used to identify uniquely the issuing CA in the event the X.500 name has been reused for different entities.

Subject unique identifier: An optional bit string field used to identify uniquely the subject in the event the X.500 name has been reused for different entities.

Extensions: A set of one or more extension fields.

Signature: Covers all of the other fields of the certificate; it contains the hash code of the other fields, encrypted with the CA's private key. This field includes the signature algorithm identifier.
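
The field layout above, walked in code as an added example (not part of the original post): a standard-library DER reader that pulls out the version, serial number and validity, reports which optional fields are present, and checks that the algorithm identifier inside the signed portion equals the one carried with the signature. The function names (tlv, read, children, parse_certificate, alg, name, sample) are hypothetical, and the certificates are constructed skeletons with dummy key and signature bytes; no signature is verified.

```python
def tlv(tag, body):  # encode one DER element (short or long length form)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read(buf, pos=0):  # decode the element at pos -> (tag, value, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        size = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    return tag, buf[pos:pos + n], pos + n

def children(value):  # split a constructed value into (tag, value) elements
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read(value, pos)
        out.append((tag, val))
    return out

def parse_certificate(der):
    tbs, outer_alg, _signature = children(read(der)[1])
    fields = children(tbs[1])
    version = 1  # default: a version 1 certificate omits the version field
    if fields[0][0] == 0xA0:  # [0] EXPLICIT wrapper, present for versions 2 and 3
        version = children(fields.pop(0)[1])[0][1][0] + 1
    serial, inner_alg, _issuer, validity, _subject, _spki, *optional = fields
    names = {0x81: "issuerUniqueID", 0x82: "subjectUniqueID", 0xA3: "extensions"}
    return {"version": version, "serial": int.from_bytes(serial[1], "big"),
            "validity": [v.decode() for _, v in children(validity[1])],
            "algorithms_match": inner_alg[1] == outer_alg[1],
            "optional": [names.get(t, hex(t)) for t, _ in optional]}

# Constructed sample input: skeleton certificates, dummy key and signature bytes.
def alg(last):  # OID 1.2.840.113549.1.1.<last>: 1 = rsaEncryption, 11 = sha256WithRSAEncryption
    return tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d0101") + bytes([last])) + tlv(0x05, b""))

def name(cn):  # Name holding a single commonName (2.5.4.3) attribute
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))

def sample(version):
    ver = tlv(0xA0, tlv(0x02, bytes([version - 1]))) if version > 1 else b""
    bc = tlv(0x30, tlv(0x06, b"\x55\x1d\x13") + tlv(0x04, tlv(0x30, b"")))  # basicConstraints
    ext = tlv(0xA3, tlv(0x30, bc)) if version == 3 else b""
    tbs = tlv(0x30, ver + tlv(0x02, b"\x10\x01") + alg(11) + name(b"Example CA")
              + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
              + name(b"example.test") + tlv(0x30, alg(1) + tlv(0x03, b"\x00" + b"\xAA" * 16)) + ext)
    return tlv(0x30, tbs + alg(11) + tlv(0x03, b"\x00" + b"\x55" * 32))
```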

 

Purpose of X.509 Certificate

The main purpose of digital certificates (SSL/TLS certificates) is to identify people and resources over networks such as the Internet, and to provide secure, confidential communication between two parties using encryption.


Summary of X.509 Certificate

Figure: Summary of X.509 Certificate
