The server supports X.509 certificates, the most common type of certificates. RFC 5280 describes X.509v3, which provides the current version of the specification.
An X.509v3 certificate includes the following components:
- X.509 encoding version
- Enables the differentiation between an X.509v3 certificate and one that conforms to an earlier or later version of the specification.
- Serial number of the certificate
- Integer value that uniquely identifies a certificate as issued by a certification authority.
- Subject DN
- Distinguished name for the certificate, which often provides details about the context in which the certificate is to be used. For more information, see Certificate subject DNs.
- Issuer DN
- Distinguished name for the issuer certificate, which is the certificate used to sign the certificate. For a self-signed certificate, this value matches the subject DN.
- Validity window
- Indicates the timeframe during which the certificate is considered valid. This
component includes the following elements:
Specifies the earliest time at which the certificate is considered valid.
Specifies the latest time at which the certificate is considered valid.
- Public key
- Public portion of a pair of cryptographically linked keys. For more information, see Certificate key pairs.
- A type of cryptographic proof that the certificate truly was sent from the issuer and has remained unaltered. A self-signed certificate is signed with its own private key. Otherwise, it is signed with the issuer's private key.
An X.509v3 certificate might also include the following optional components:
- Subject unique ID
- Uniquely identifies the certificate. This component has been deprecated in favor of the subject key identifier extension, so it is generally omitted from X.509v3 certificates.
- Issuer unique ID
- Subject unique ID of the issuer certificate, if available. This component has been deprecated in favor of the authority key identifier extension.
- Set of extensions
- Provides additional context for the certificate and the manner in which it is used. For more information, see Certificate extensions.