A certificate consists of fields and, in version 3, a set of extensions. The field structure is linear, though some fields contain nested structures.
Version. There are three certificate versions, 1, 2 and 3, encoded as 0, 1 and 2. Version 1 supports only the basic fields; version 2 adds unique identifiers, which are two additional fields; version 3 adds extensions. Most certificates are version 3.
Signature Algorithm. This field specifies the algorithm used to sign the certificate. Because the field is located inside the certificate, it is itself protected by the signature.
Serial Number. Originally, serial numbers were defined as positive integers that uniquely identify a certificate issued by a given certificate authority. Additional requirements were added later to help protect against attacks on certificate signatures: serial numbers should be random and today contain at least 20 bits of entropy.
Issuer. This field contains the distinguished name (DN) of the certificate issuer. It is a complex field that can contain many different components, depending on the entity described.
Validity. The period during which the certificate is valid. The field contains two values: the start date and the end date.
Public Key. This field contains the public key, carried in the Subject Public-Key Info structure. Public-key algorithms are defined in RFC 3279.
Subject. This field contains the distinguished name of the entity associated with the public key for which the certificate is issued. Self-signed certificates have the same DN in the Subject and Issuer fields. Today the Subject field is considered obsolete; the Subject Alternative Name extension is used instead.
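The field layout described above can be seen by walking the DER encoding directly. The following is an added example, not part of the original page: a minimal Python DER reader that extracts the version, serial number, validity and names, and checks that the signature algorithm inside the signed part matches the copy outside it. The sample certificate is constructed in the code with dummy key and signature bytes, has no extensions, and the byte-wise Issuer/Subject comparison is a simplification.

```python
def tlv(tag, body):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def read(buf, pos=0):
    """Decode the element at pos; return (tag, body, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                      # long form: low 7 bits = number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(body):
    """Split the body of a constructed element into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read(body, pos)
        out.append((tag, val))
    return out

def parse_fields(cert_der):
    """Return the basic fields of a certificate: TBS part, outer algorithm, signature."""
    (_, tbs), (_, outer_alg), _sig = children(read(cert_der)[1])
    f = children(tbs)
    version = 1                       # the version field is omitted for version 1
    if f[0][0] == 0xA0:               # [0] EXPLICIT INTEGER: 0, 1, 2 mean v1, v2, v3
        version, f = children(f[0][1])[0][1][0] + 1, f[1:]
    serial, inner_alg, issuer, validity, subject, _spki = (v for _, v in f[:6])
    not_before, not_after = (v.decode() for _, v in children(validity))
    return {"version": version, "serial": int.from_bytes(serial, "big", signed=True),
            "alg_consistent": inner_alg == outer_alg,    # signed copy vs. outer copy
            "not_before": not_before, "not_after": not_after,
            "issuer_equals_subject": issuer == subject}  # byte-wise DN comparison

# Constructed sample: version 3, same DN as issuer and subject, dummy key and signature.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
DN = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"example.test"))))
VALIDITY = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
SPKI = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
           + tlv(0x03, b"\x00" + bytes(140)))
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes.fromhex("1f3a9c02d471"))
                 + ALG + DN + VALIDITY + DN + SPKI)
SAMPLE = tlv(0x30, SAMPLE_TBS + ALG + tlv(0x03, b"\x00" + bytes(128)))
```

Calling `parse_fields(SAMPLE)` returns a dictionary with version 3 (encoded as 2 on the wire) and `alg_consistent` set to true.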