Overview
X.509 is a standard format for public key certificates, digital documents that securely associate cryptographic key pairs with identities. These certificates are widely used in SSL/TLS, code signing, and digital signatures. X.509 certificates contain information about the key owner, the public key itself, and the digital signature of the certificate authority.
Technical Details
Certificate Structure
- Version number
- Serial number
- Signature algorithm
- Issuer name
- Validity period
- Subject name
- Public key info
- Extensions
Key Features
- Public key infrastructure
- Digital signatures
- Chain of trust
- Certificate revocation
Common Uses
- HTTPS/SSL/TLS
- Email encryption
- Code signing
- Document signing
Examples
Certificate Example
Implementation
OpenSSL Example
# Generate a private key
openssl genrsa -out private.key 2048
# Generate a certificate signing request
openssl req -new -key private.key -out request.csr
# Generate a self-signed certificate
openssl x509 -req -days 365 -in request.csr -signkey private.key -out certificate.crt
# View certificate details
openssl x509 -in certificate.crt -text -noout
# Convert between formats: PEM (Base64 text) to DER (binary)
openssl x509 -in certificate.crt -outform DER -out certificate.der
# Convert DER back to PEM
openssl x509 -in certificate.der -inform DER -out certificate.pem
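Validation Checks (added example)
The script below is an added example, not part of the original page: it runs the workflow above non-interactively and then checks the result against the fields listed under Certificate Structure (public key, issuer, subject, validity period). The subject CN=example.test, the temporary directory, and all function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: scripted form of the workflow above plus validation checks.
# Assumed/constructed: CN=example.test, the temp directory, all function names.
set -eu

make_selfsigned() {    # $1 = output directory
  openssl genrsa -out "$1/private.key" 2048 2>/dev/null
  # -subj supplies the subject so req does not prompt interactively
  openssl req -new -key "$1/private.key" -subj "/CN=example.test" \
    -out "$1/request.csr"
  openssl x509 -req -days 365 -in "$1/request.csr" \
    -signkey "$1/private.key" -out "$1/certificate.crt" 2>/dev/null
}

# True when the certificate carries the public half of the given private key.
key_matches_cert() {   # $1 = certificate, $2 = private key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

# True when issuer == subject and the signature verifies under the cert's own
# key. This shows internal consistency only; no CA vouches for the identity.
is_self_signed() {     # $1 = certificate
  i=$(openssl x509 -in "$1" -noout -issuer)
  s=$(openssl x509 -in "$1" -noout -subject)
  [ "${i#issuer=}" = "${s#subject=}" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when the certificate is still inside its validity period $2 days from now.
valid_for_days() {     # $1 = certificate, $2 = days
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

work=$(mktemp -d)
make_selfsigned "$work"
key_matches_cert "$work/certificate.crt" "$work/private.key" && echo "key matches"
is_self_signed "$work/certificate.crt" && echo "self-signed, signature ok"
valid_for_days "$work/certificate.crt" 30 && echo "valid for 30+ days"
valid_for_days "$work/certificate.crt" 400 || echo "expires within 400 days"
rm -rf "$work"
```

The same key_matches_cert and valid_for_days checks apply unchanged to a CA-issued certificate; is_self_signed is expected to fail there because the issuer differs from the subject.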