Page created: 3 Jun 2021 |
Page updated: 10 Aug 2021
The server supports X.509 certificates, the most common type of certificates. RFC 5280 describes X.509v3, which provides the current version of the specification.
An X.509v3 certificate includes the following components:
- X.509 encoding version
- Enables the differentiation between an X.509v3 certificate and one that conforms to an earlier or later version of the specification.
- Serial number of the certificate
- Integer value that uniquely identifies a certificate as issued by a certification authority.
- Subject DN
- Distinguished name for the certificate, which often provides details about the context in which the certificate is to be used. For more information, see Certificate subject DNs.
- Issuer DN
- Distinguished name for the issuer certificate, which is the certificate used to sign the certificate. For a self-signed certificate, this value matches the subject DN.
- Validity window
- Indicates the timeframe during which the certificate is considered valid. This component
includes the following elements:
Specifies the earliest time at which the certificate is considered valid.
Specifies the latest time at which the certificate is considered valid.
- Public key
- Public portion of a pair of cryptographically linked keys. For more information, see Certificate key pairs.
- A type of cryptographic proof that the certificate truly was sent from the issuer and has remained unaltered. A self-signed certificate is signed with its own private key. Otherwise, it is signed with the issuer's private key.
An X.509v3 certificate might also include the following optional components:
- Subject unique ID
- Uniquely identifies the certificate. This component has been deprecated in favor of the subject key identifier extension, so it is generally omitted from X.509v3 certificates.
- Issuer unique ID
- Subject unique ID of the issuer certificate, if available. This component has been deprecated in favor of the authority key identifier extension.
- Set of extensions
- Provides additional context for the certificate and the manner in which it is used. For more information, see Certificate extensions.