
Certificate

A Certificate is used to reliably connect a Public Key with a particular individual or system (a Subject) so that people/systems (Relying Parties) wanting to Encrypt data for or verify a Digital Signature from that Subject are sure they are using the correct Public Key. X.509 was the original standard by the ITU-T to define the structure and contents of Certificates. More recently, the IETF released RFC3280 (http://tools.ietf.org/html/rfc3280), which provides a good reference for Certificate contents and usage. Certificates are issued by Certificate Authorities and typically contain the following fields:

  1. Valid From (notBefore) – The issue date of the Certificate. The Certificate should not be used for Encryption prior to this Date. In addition, any Digital Signatures applied prior to this date with the Private Key that corresponds to the Certificate should not be considered valid.
  2. Valid To (notAfter) – The date the Certificate expires (see Expiration Date).
  3. Subject DN – The fully distinguished name of the Subject (the individual or system the Certificate is issued to and whose Public Key is contained in the Certificate).
  4. Issuer DN – The fully distinguished name of the Certificate Authority.
  5. Serial Number – A unique identifier for the Certificate from the CA. The combination of the Serial Number and the Issuer DN should allow the Certificate to be identified versus all other Certificates.
  6. Public Key – The Public Key of the Subject.
  7. Signature – The Digital Signature of the CA on the Certificate. This is what Relying Parties use to verify that the Certificate was issued by the CA.
  8. Extensions – X.509 v3 allows standard and proprietary extensions to be added to a Certificate; these contain additional information that may be useful to Relying Parties. Examples of extensions include Key Usage (what types of operations the Public Key and Certificate may be used for, such as data encryption, CA, digital signature), Subject Alternative Names (names in addition to the Subject DN that the Subject may be identified by), and CRL Distribution Points.
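
The fields above as a Relying Party would use them, written with Go's standard `crypto/x509` package. This is an added example, not part of the original glossary; the function names `issueSample`, `certID` and `checkForSignature`, the sample DNs and the `www.example.test` name are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issueSample builds a constructed CA and a Subject certificate signed by it (sample data only).
func issueSample(from, to time.Time) (ca, leaf *x509.Certificate, err error) {
	caPub, caKey, e1 := ed25519.GenerateKey(rand.Reader)
	subPub, _, e2 := ed25519.GenerateKey(rand.Reader)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	subT := &x509.Certificate{SerialNumber: big.NewInt(4096), Subject: pkix.Name{CommonName: "example-subject"},
		NotBefore: from, NotAfter: to, KeyUsage: x509.KeyUsageDigitalSignature, DNSNames: []string{"www.example.test"}}
	caDER, e3 := x509.CreateCertificate(rand.Reader, caT, caT, caPub, caKey)
	subDER, e4 := x509.CreateCertificate(rand.Reader, subT, caT, subPub, caKey)
	ca, e5 := x509.ParseCertificate(caDER)
	leaf, e6 := x509.ParseCertificate(subDER)
	return ca, leaf, errors.Join(e1, e2, e3, e4, e5, e6)
}

// certID joins Issuer DN and Serial Number, the pair that identifies a Certificate among all others.
func certID(c *x509.Certificate) string { return c.Issuer.String() + " / serial " + c.SerialNumber.String() }

// checkForSignature checks the CA's Signature, the notBefore/notAfter window and the Key Usage extension.
func checkForSignature(ca, leaf *x509.Certificate, signedAt time.Time) error {
	switch err := leaf.CheckSignatureFrom(ca); {
	case err != nil:
		return fmt.Errorf("CA signature: %w", err)
	case signedAt.Before(leaf.NotBefore) || signedAt.After(leaf.NotAfter):
		return errors.New("signing time is outside the validity window")
	case leaf.KeyUsage&x509.KeyUsageDigitalSignature == 0:
		return errors.New("key usage does not permit digital signatures")
	}
	return nil
}

func main() {
	now := time.Now()
	if ca, leaf, err := issueSample(now.Add(-time.Hour), now.Add(time.Hour)); err == nil {
		fmt.Println(certID(leaf), "->", checkForSignature(ca, leaf, now.Add(-2*time.Hour)))
	}
}
```

A complete Relying Party would also build the chain to a trusted root and consult the CRL Distribution Points; this example covers only the fields listed above.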