What is an X.509 Certificate?
An X.509 certificate is any certificate that conforms to the X.509 standard for Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI), published by the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), which standardizes the formats for:
- Attribute certificates
- Public key certificates
- Certificate revocation lists
- Certification validation algorithms
These certificates are used for identity verification and for the transmission of encrypted data that only the owner (a person, organization or piece of software) holding the private key matching the certificate can decrypt and read.
X.509 certificates serve as secure identifiers, digital passports that carry information about the owner. The certificate binds a public key value to the identity named in the certificate. A valid certificate tells an application or server that the entity presenting it is who it claims to be; whether that entity should then be allowed access is a separate authorization decision made by the application. The certificate contains information on the subject of the certificate (the owner) and on the issuing Certification Authority (CA).
X.509 certificates contain:
- Owner information or Distinguished Name (DN)
- Public key associated with the subject
- Version information
- Serial number of the certificate
- Another unique name that identifies the issuer of the certificate (CA)
- CA digital signature
- Information on the algorithm for creating the digital certificate
To ensure the validity of the certificate, it must be signed by a certification authority, a trusted third party that vouches for the binding between the public key value and the identity contained in the certificate. The CA signs the certificate by computing a digital signature over its contents with the CA's private key. The CA's public key is distributed to supporting applications and devices (for example in a trust store), which validate a certificate by verifying the embedded digital signature with that CA public key; a signature that does not verify, or that was made by a key the verifier does not trust, means the certificate must be rejected.
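The fields listed above and the signing-and-verification step can be seen end to end with Go's standard `crypto/x509` package. The program below is an added example, not code from the original article: it builds a throwaway self-signed CA, has that CA issue a certificate for a subject, then parses the result to read the version, serial number, subject and issuer Distinguished Names, public key algorithm and signature algorithm, and finally checks the signature with the CA's public key. The names `Example Root CA` and `server.example.test` and the serial numbers are constructed test values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertSummary collects the X.509 fields the article lists, read back from a parsed certificate.
type CertSummary struct {
	Version       int
	SerialNumber  string
	Subject       string // subject Distinguished Name (the owner)
	Issuer        string // issuer Distinguished Name (the CA)
	PublicKeyAlgo string
	SignatureAlgo string
	SignedByCA    bool // true when the given CA's public key verifies the signature
}

// makeCA builds a self-signed CA certificate and its private key (constructed test data, not a real CA).
func makeCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// Template and parent are the same object, so the CA signs its own certificate.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf has the CA sign an end-entity certificate for subjectCN with a freshly generated key.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, subjectCN string) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: subjectCN},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The CA's private key signs; the leaf's public key is what gets embedded in the certificate.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Summarize reads the certificate's identifying fields and verifies its signature against ca's public key.
func Summarize(cert, ca *x509.Certificate) CertSummary {
	return CertSummary{
		Version:       cert.Version,
		SerialNumber:  cert.SerialNumber.String(),
		Subject:       cert.Subject.String(),
		Issuer:        cert.Issuer.String(),
		PublicKeyAlgo: cert.PublicKeyAlgorithm.String(),
		SignatureAlgo: cert.SignatureAlgorithm.String(),
		SignedByCA:    cert.CheckSignatureFrom(ca) == nil,
	}
}

func main() {
	ca, caKey, err := makeCA()
	if err != nil {
		panic(err)
	}
	leaf, err := issueLeaf(ca, caKey, "server.example.test")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", Summarize(leaf, ca))
	// A second CA with the same name but a different key cannot verify the leaf's signature.
	impostor, _, _ := makeCA()
	fmt.Println("verifies against unrelated CA:", Summarize(leaf, impostor).SignedByCA)
}
```

The last two lines of `main` make the point of the paragraph above concrete: two CAs can carry an identical issuer name, and only the one whose public key verifies the signature actually vouches for the certificate. A verifier therefore trusts the key in its trust store, never the name printed in the certificate.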