Certificates

X.509 standard: It is what defines the format of digital certificates, as well as a certificate revocation list or CRL

  • The fields defined in an X.509 certificate are; ​
  • the version, what version of the ​X.509 standard the certificate adheres to. ​
  • Serial number, a unique ​identifier for the certificate assigned by the CA, ​which allows the CA to manage ​and identify individual certificates. 
  • Certificates signature algorithm. ​This field indicates what ​public key algorithm is used for ​the public key and ​what hashing algorithm is used to sign the certificate.
  • ​Issuer name. This field contains ​information about the authority ​that sign the certificate. ​
  • Validity. This contains two subfields, ​Not Before and Not After, ​which define the dates when the certificate is valid for. 
  • ​Subject. This field contains identifying ​information about the entity ​the certificate was issued to.
  • Subject public key info. ​These two subfields define the algorithm of ​the public key along with the public key itself. ​
  • Certificates signature algorithm, ​same as the subject public key and field, ​these two fields must match. 
  • ​Certificate signature value, ​the digital signature data itself. ​
  • There are also certificate fingerprints ​which aren’t actually fields in the certificate itself, ​but are computed by clients when ​validated or inspecting certificates.

 ​Alternative to the centralized PKI model of establishing ​trust and binding identities ​is what’s called the web of trust.  Web of trust: It is where individuals instead of certificate authorities sign other individuals’ public keys  Pasted image 20260702141030  For more information about this topic from this Video Lecture, check out the following link. The X.5029 standard is what defines the format of digital certificates.