X.509 Certificate
What is X.509 Certificate?
X.509 CertificateA standard structure for a digital certificate that binds a public key to an identity through a signature from a trusted certificate authority.
X.509 is the ITU-T standard that defines the syntax of public-key certificates used across the internet, including TLS, S/MIME, code signing and IPsec. A certificate contains the subject's distinguished name, public key, serial number, validity period, issuer, signature algorithm, the issuer's signature and a set of extensions such as Subject Alternative Name, Key Usage, Extended Key Usage, Basic Constraints, and CRL/AIA distribution points. Relying parties build a path from the certificate up to a trusted root, verifying each signature, validity period, name constraints and revocation status. Version 3 is the format used today, encoded in DER and typically distributed in PEM form.
● Examples
- 01
A TLS certificate issued for www.example.com with SAN entries for example.com and api.example.com.
- 02
A code-signing X.509 certificate used to sign Windows installer packages.
● Frequently asked questions
What is X.509 Certificate?
A standard structure for a digital certificate that binds a public key to an identity through a signature from a trusted certificate authority. It belongs to the Network Security category of cybersecurity.
What does X.509 Certificate mean?
A standard structure for a digital certificate that binds a public key to an identity through a signature from a trusted certificate authority.
How do you defend against X.509 Certificate?
Defences for X.509 Certificate typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for X.509 Certificate?
Common alternative names include: Digital certificate, PKI certificate.