A Typical Certificate

This section describes the components of a typical certificate.


Contents of a Certificate

The contents of certificates supported by Netscape and many other software companies are organized according to the X.509 v3 certificate specification, which has been recommended by the International Telecommunication Union (ITU), an international standards body, since 1988. Users don't usually need to be concerned about the exact contents of a certificate. However, system administrators working with certificates may need some familiarity with the information provided here.

Every X.509 certificate consists of two sections:

  • a data section
  • a signature section

The Data Section

The data section includes the following information:
  • The version number of the X.509 standard supported by the certificate.
  • The certificate's serial number. Every certificate issued by a certificate authority (CA) has a serial number that is unique among the certificates issued by that CA.
  • Information about the user's public key, including the algorithm used and a representation of the key itself. 
  • The Distinguished Name (DN) of the CA that issued the certificate.
  • The period during which the certificate is valid (for example, between 1:00 p.m. on November 15, 1996 and 1:00 p.m. on November 15, 1997).
  • The DN of the certificate subject (for example, in a client SSL certificate this would be the user's DN), also called the subject name.
  • Optional certificate extensions, which may provide additional data used by the client or server. For example, the certificate type extension indicates the type of certificate--that is, whether it is a client SSL certificate, a server SSL certificate, a certificate for signing email, and so on. Certificate extensions can also be used for a variety of other purposes.

The Signature Section

The signature section includes the following information:
  • The cryptographic algorithm, or cipher, used by the issuing CA to create its own digital signature.
  • The CA's digital signature, obtained by hashing all of the data in the data section together and encrypting the resulting hash with the CA's private key.
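
The two-section layout described above, as an added example that is not part of the original documentation: standard-library Python that splits a DER-encoded certificate into its data section (called tbsCertificate in the X.509 ASN.1) and its signature section, and hashes the exact bytes the CA's signature covers. The helper names (`read_tlv`, `children`, `split_certificate`, `tlv`, `dn`) and the sample certificate are constructed for illustration; the sample's key and signature bits are filler, and its validity period mirrors the example dates in the list above, assumed here to be UTC.

```python
import hashlib
FIELDS = ["serialNumber", "signature", "issuer", "validity", "subject", "subjectPublicKeyInfo"]

def read_tlv(buf, pos=0):
    """Decode one DER element: return (tag, value, raw_encoding, next_pos)."""
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        hdr += length & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + hdr], "big")
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos + hdr:end], buf[pos:end], end

def children(value):                        # every element nested directly inside `value`
    out, pos = [], 0
    while pos < len(value):
        tag, val, raw, pos = read_tlv(value, pos)
        out.append((tag, val, raw))
    return out

def split_certificate(der):
    """Split a DER certificate into its data section and its signature section."""
    tag, body, _, end = read_tlv(der)
    parts = children(body)
    if tag != 0x30 or end != len(der) or len(parts) != 3:
        raise ValueError("not an X.509 Certificate SEQUENCE")
    tbs, sig_alg, sig_value = parts         # data section, algorithm, BIT STRING signature
    items = children(tbs[1])
    has_version = bool(items) and items[0][0] == 0xA0   # [0] EXPLICIT; absent means v1
    version = children(items.pop(0)[1])[0][1][0] + 1 if has_version else 1
    data = {"version": version, "extensions": [v for t, v, _ in items if t == 0xA3]}
    data.update({field: val for field, (_, val, _) in zip(FIELDS, items)})
    return {"data": data, "signed_bytes_sha256": hashlib.sha256(tbs[2]).hexdigest(),
            "signature_algorithm": sig_alg[1], "signature": sig_value[1][1:]}

# --- Constructed sample (not a real certificate): key and signature bits are filler ---
def tlv(tag, val):                          # tiny DER encoder, used only for the sample
    n, size = len(val), (len(val).bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + val
def dn(cn):                                 # Name holding one commonName (OID 2.5.4.3)
    return tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn))))
ALG = bytes.fromhex("300d06092a864886f70d01010b0500")     # sha256WithRSAEncryption
RSA = bytes.fromhex("300d06092a864886f70d0101010500")     # rsaEncryption
TBS = tlv(0x30, bytes.fromhex("a003020102" "02012a") + ALG + dn(b"Example CA")
          + tlv(0x30, tlv(0x17, b"961115130000Z") + tlv(0x17, b"971115130000Z"))
          + dn(b"Example User") + tlv(0x30, RSA + tlv(0x03, b"\x00" + b"\x01" * 8)))
SAMPLE = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + b"\xab" * 128))
```

Changing any byte of the data section changes `signed_bytes_sha256` while the stored signature stays the same, which is why an altered certificate fails signature verification.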

Sample Certificate


Figure 2.14

Copyright © 1999 Sun-Netscape Alliance.
All Rights Reserved.