An X.509v3 certificate includes the following components:

X.509 encoding version
Enables the differentiation between an X.509v3 certificate and one that conforms to an earlier or later version of the specification.
Serial number of the certificate
Integer value that uniquely identifies the certificate among those issued by a given certification authority.
Subject DN
Distinguished name for the certificate, which often provides details about the context in which the certificate is to be used. For more information, see Certificate subject DNs.
Issuer DN
Distinguished name for the issuer certificate, which is the certificate whose private key was used to sign this certificate. For a self-signed certificate, this value matches the subject DN.
Validity window
Indicates the timeframe during which the certificate is considered valid. This component includes the following elements:
  • notBefore

    Specifies the earliest time at which the certificate is considered valid.

  • notAfter

    Specifies the latest time at which the certificate is considered valid.

Public key
Public portion of a pair of cryptographically linked keys. For more information, see Certificate key pairs.
Signature
Cryptographic proof that the certificate was issued by the issuer and has remained unaltered. A self-signed certificate is signed with its own private key; any other certificate is signed with the issuer's private key.

An X.509v3 certificate might also include the following optional components:

Subject unique ID
Uniquely identifies the certificate. This component has been deprecated in favor of the subject key identifier extension, so it is generally omitted from X.509v3 certificates.
Issuer unique ID
Subject unique ID of the issuer certificate, if available. This component has been deprecated in favor of the authority key identifier extension.
Set of extensions
Provides additional context for the certificate and the manner in which it is used. For more information, see Certificate extensions.
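
The required components listed above can be read back from a parsed certificate. The following Go program is an added example, not part of the original documentation: it builds a constructed self-signed certificate with the standard library, then checks the issuer DN, validity window, and signature. The helper names `newSelfSigned`, `selfSigned`, and `inValidityWindow`, the serial number 4096, and the subject `CN=example.test` are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newSelfSigned builds a constructed, throwaway certificate (sample data, not from the page).
func newSelfSigned(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4096),                      // constructed serial number
		Subject:      pkix.Name{CommonName: "example.test"}, // constructed subject DN
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	// tmpl is its own parent: the issuer DN equals the subject DN and its own key signs it.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// selfSigned: issuer DN equals subject DN and the signature verifies under the certificate's own public key.
func selfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawIssuer, c.RawSubject) &&
		c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// inValidityWindow reports whether t lies between notBefore and notAfter, inclusive.
func inValidityWindow(c *x509.Certificate, t time.Time) bool {
	return !t.Before(c.NotBefore) && !t.After(c.NotAfter)
}

func main() {
	now := time.Now()
	if c, err := newSelfSigned(now.Add(-time.Hour), now.Add(24*time.Hour)); err == nil {
		fmt.Println(c.Version, c.SerialNumber, c.Subject, selfSigned(c), inValidityWindow(c, now))
	}
}
```

Comparing `RawIssuer` with `RawSubject` alone only shows that the two DNs match; the signature check is what ties the certificate to its own key.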