These are some of the most common fields in certificates. Most certificates contain a number of fields not listed here. Note that in terms of a certificate’s X.509 representation, a certificate is not “flat” but contains these fields nested in various structures within the certificate.
- Serial Number: Used to uniquely identify the certificate within a CA’s systems. In particular this is used to track revocation information.
- Subject: The entity a certificate belongs to: a machine, an individual, or an organization.
- Issuer: The entity that verified the information and signed the certificate.
- Not Before: The earliest time and date on which the certificate is valid. Usually set to a few hours or days prior to the moment the certificate was issued, to avoid clock skew problems.
- Not After: The time and date past which the certificate is no longer valid.
- Key Usage: The valid cryptographic uses of the certificate’s public key. Common values include digital signature validation, key encipherment, and certificate signing.
- Extended Key Usage: The applications in which the certificate may be used. Common values include TLS server authentication, email protection, and code signing.
- Public Key: A public key belonging to the certificate subject.
- Signature Algorithm: The algorithm used to sign the public key certificate.
- Signature: A signature of the certificate body by the issuer’s private key.
Leave a Reply