Introduction
X.509 provides authentication services and defines authentication protocols. X.509 uses the X.500 directory, which contains public-key certificates and the public keys of users, signed by a certification authority.
The X.509 certificate format is used in S/MIME, IP Security, and SSL/TLS. X.509 is based on the use of public-key cryptography (preferably RSA) and digital signatures.
Figure: X.509 Certificate Format
Version: Differentiates among successive versions of the certificate format; the default is version 1. Two other versions (2 and 3) are also available, as shown in the figure.
Serial number: An integer value, unique within the issuing CA, different for each certificate.
Signature algorithm identifier: The algorithm used to sign the certificate, together with any associated parameters, e.g., sha256RSA.
Issuer name: X.500 name of the CA that created and signed this certificate.
Period of validity: Consists of two dates: the first and last on which the certificate is valid.
Subject name: The name of the user to whom this certificate refers.
Subject's public-key information: The public key of the subject, plus an identifier of the algorithm for which this key is to be used, together with any associated parameters.
Issuer unique identifier: An optional bit string field used to identify uniquely the issuing CA in the event the X.500 name has been reused for different entities.
Subject unique identifier: An optional bit string field used to identify uniquely the subject in the event the X.500 name has been reused for different entities.
Extensions: A set of one or more extension fields.
Signature: Covers all of the other fields of the certificate; it contains the hash code of the other fields, encrypted with the CA's private key. This field includes the signature algorithm identifier.
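
The field order above is also the order of the certificate's DER encoding. The Python sketch below is an added example, not code from the original post: it walks that encoding with the standard library only, applies the version 1 default, and checks that the algorithm identifier inside the signed fields matches the one stored beside the signature (it does not verify the signature itself). The sample certificate is constructed with placeholder names, key and signature, and function names such as parse_certificate are assumptions of this example.

```python
# Added example, not from the original page: walk a DER certificate field by field.
FIXED = "serial_number signature_algorithm issuer validity subject subject_public_key_info".split()
OPTIONAL = {0x81: "issuer_unique_id", 0x82: "subject_unique_id", 0xA3: "extensions"}

def read_tlv(buf, pos):                # -> (tag, value, next_pos) for the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                   # contents of a constructed element as (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_certificate(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    (_, tbs), (_, outer_alg), (_, signature) = children(body)
    fields, cert = children(tbs), {"version": 1}   # the version field is not encoded for v1
    if fields[0][0] == 0xA0:           # [0] EXPLICIT INTEGER: 1 means v2, 2 means v3
        cert["version"] = children(fields.pop(0)[1])[0][1][-1] + 1
    cert.update(zip(FIXED, (v for _, v in fields[:6])))
    cert.update((OPTIONAL[t], v) for t, v in fields[6:])
    cert["serial_number"] = int.from_bytes(cert["serial_number"], "big")
    # The algorithm identifier is encoded inside and outside the signed part; both must agree.
    cert.update(signature=signature, algorithms_match=outer_alg == cert["signature_algorithm"])
    return cert

def tlv(tag, value):                   # encoder for the constructed sample only (values < 256 bytes)
    return bytes([tag]) + (bytes([len(value)]) if len(value) < 0x80 else bytes([0x81, len(value)])) + value

def sample_certificate(version=3):     # constructed sample: placeholder names, key and signature
    alg = lambda oid: tlv(0x30, tlv(0x06, bytes.fromhex(oid)) + tlv(0x05, b""))
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    parts = [tlv(0x02, b"\x2a"), alg("2a864886f70d01010b"), name(b"Example CA"),
             tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, b"260101000000Z")),
             name(b"example.test"), tlv(0x30, alg("2a864886f70d010101") + tlv(0x03, b"\x00KEY"))]
    if version > 1:                    # v1 omits the version field entirely
        parts.insert(0, tlv(0xA0, tlv(0x02, bytes([version - 1]))))
    if version == 3:                   # extensions exist only in v3
        parts.append(tlv(0xA3, tlv(0x30, tlv(0x30, tlv(0x06, b"\x55\x1d\x13") + tlv(0x04, tlv(0x30, b""))))))
    return tlv(0x30, tlv(0x30, b"".join(parts)) + alg("2a864886f70d01010b") + tlv(0x03, b"\x00SIG"))
```
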
Purpose of X.509 Certificate
The main purpose of digital certificates (SSL/TLS certificates) is to identify people and resources over networks such as the Internet, and to provide secure, confidential communication between two parties using encryption.
Summary of X.509 Certificate
Figure: Summary of X.509 Certificate