01-X.509
Last modified by Bin Chen on 2019/12/22 03:54
The contents of a digital certificate typically include the following:
- Information about the subject a.k.a. Subject Name - "subject" refers to the site represented by the cert.
- Information about the certificate issuer/certificate authority (CA) - The CA is the body that issued and signed the certificate. More about this shortly.
- Serial number - this is the serial number assigned by the issuer to this certificate. Each issuer must make sure each certificate it issues has a unique serial number.
- Version - the X.509 version used by a given certificate. These days, you'll usually find version 3.
- Validity period - certs aren't meant to last forever. The validity period defines the period over which the cert can still be deemed trustworthy.
- Signature - This is the digital signature of the entire digital certificate, generated using the certificate issuer's private key.
- Signature algorithm - The cryptographic signature algorithm used to generate the digital signature (e.g. SHA-1 with RSA Encryption).
- Public key information - Information about the subject's public key. This includes:
  - the algorithm (e.g. Elliptic Curve Public Key),
  - the key size (e.g. 256 bits),
  - the key usage (e.g. can encrypt, verify, derive), and
  - the public key itself.
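
To see where each of these fields lives in a real certificate, the following Go program (an added example, not part of the original page) issues a constructed self-signed certificate with the standard library and reads every listed field back from the parsed result. The subject name `example.test`, the serial number 4242 and the helper names `must`, `buildCert` and `describe` are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// buildCert issues a constructed self-signed P-256 certificate (subject and
// issuer are the same entity) and parses it back from DER.
func buildCert() *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242), // constructed value
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// describe maps the fields listed above onto the parsed certificate.
func describe(c *x509.Certificate) string {
	pub := c.PublicKey.(*ecdsa.PublicKey)
	// Self-signed: the issuer's key is the cert's own key, checked over the signed bytes.
	sigErr := c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature)
	return fmt.Sprintf("subject=%s\nissuer=%s\nserial=%s\nversion=%d\n"+
		"valid=%s..%s\nsigalg=%s\nsig_ok=%t\nkey=%s/%d bits\ncan_sign=%t",
		c.Subject, c.Issuer, c.SerialNumber, c.Version,
		c.NotBefore.Format(time.RFC3339), c.NotAfter.Format(time.RFC3339),
		c.SignatureAlgorithm, sigErr == nil, c.PublicKeyAlgorithm,
		pub.Curve.Params().BitSize, c.KeyUsage&x509.KeyUsageDigitalSignature != 0)
}

func main() { fmt.Println(describe(buildCert())) }
```

For a certificate issued by a separate CA, the same signature check is made against the CA certificate's public key rather than the certificate's own.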