Appendix B - The X.509 Certificate

The X.509 protocols include a structure for public-key certificates. A CA assigns a unique name to each user and issues a signed certificate containing this name and the user's public key. The following diagram shows an X.509 certificate.

X.509 Certificate

These are the meanings for each field.

Field Meaning

Version Identifies the certificate format.

Serial Number Is unique to the CA.

Algorithm Identifier Identifies the algorithm used to sign the certificate, together with any necessary parameters.

Issuer The name of the CA.

Period of Validity A pair of dates. The certificate is valid during the time period between the two.

Subject The name of the user.

Subject's Public Key Contains the public key algorithm name, any necessary parameters, and the public key.

Signature The CA's signature.

Field	Meaning
Version	Identifies the certificate format.
Serial Number	Is unique to the CA.
Algorithm Identifier	Identifies the algorithm used to sign the certificate, together with any necessary parameters.
Issuer	The name of the CA.
Period of Validity	A pair of dates. The certificate is valid during the time period between the two.
Subject	The name of the user.
Subject's Public Key	Contains the public key algorithm name, any necessary parameters, and the public key.
Signature	The CA's signature.