x509

X.509 is a very common certificate format. All X.509 certificates conform to the ITU-T X.509 international standard, so (theoretically) a certificate created for one application can be used by any other X.509-compliant application.

All X.509 certificates contain the following data:
1. X.509 version number: indicates which version of the X.509 standard the certificate uses. The version affects some of the information that can appear in the certificate. The current version is 3.
2. The public key of the certificate holder: the holder's public key, together with the algorithm identifier (indicating which cryptosystem the key belongs to) and any other related key parameters.
3. The serial number of the certificate: a unique number assigned by the CA to each certificate. When a certificate is revoked, its serial number is placed in the CRL (Certificate Revocation List, or certificate blacklist) issued by the CA. This is also the only reason for the serial number.
4. Subject information: the unique identifying name of the certificate holder (the DN, or distinguished name), which should be unique on the Internet. The DN consists of many parts and looks like this:
CN=Bob Allen, OU=Total Network Security Division, O=Network Associates, Inc., C=US
These parts give the subject's common name, organizational unit, organization and country, that is, information such as the person's name and place of work.
5. Validity period of the certificate: the start date and time and the end date and time of the certificate; the certificate is valid only between these two times.
6. Certification authority: the certificate issuer field holds the unique X.509 name of the CA that issued the certificate. Using this certificate means trusting the entity that issued it. (Note: in some cases, such as root or top-level CA certificates, the issuer issues the certificate to itself.)
7. Issuer's digital signature: a signature generated with the issuer's private key, which ensures that the certificate has not been edited since the issuer issued it.
8. Signature algorithm identifier: specifies the signature algorithm, that is, the public key algorithm and hash algorithm, that the CA used to sign the certificate.
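The following added example (not part of the original article) goes one step past the list and shows where each of the eight fields sits in the DER encoding of a certificate. It reads a constructed, self-issued sample that uses the DN from item 4 with dummy key and signature bytes; the helper names are assumptions, and no signature is verified.

```python
ALG_NAMES = {bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
             bytes.fromhex("2a864886f70d010101"): "rsaEncryption"}
ATTR_NAMES = {b"\x55\x04\x03": "CN", b"\x55\x04\x0b": "OU", b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}

def tlv(tag, body):  # encode one DER element; used only to build the constructed sample
    n = len(body)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + head + body

def children(body):  # split a DER value into its (tag, value) child elements
    out, pos = [], 0
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(body[pos:pos + k], "big"), pos + k
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def name(body):  # Name = SEQUENCE of SET of SEQUENCE {type OID, value}
    atvs = [children(atv) for _, rdn in children(body) for _, atv in children(rdn)]
    return ", ".join(f"{ATTR_NAMES.get(o, o.hex())}={v.decode()}" for (_, o), (_, v) in atvs)

def parse_certificate(der):  # Certificate = SEQUENCE {tbsCertificate, sigAlg, signature}
    (_, tbs), (_, sig_alg), (_, sig) = children(children(der)[0][1])
    fields = children(tbs)
    if fields[0][0] != 0xA0:  # the [0] version element is optional; absent means v1
        fields.insert(0, (0xA0, b"\x02\x01\x00"))
    ver, serial, _, issuer, validity, subject, spki = (v for _, v in fields[:7])
    key_alg = children(children(spki)[0][1])[0][1]
    return {"version": children(ver)[0][1][0] + 1, "serial": serial.hex(),
            "issuer": name(issuer), "subject": name(subject),
            "validity": tuple(v.decode() for _, v in children(validity)),
            "key_algorithm": ALG_NAMES.get(key_alg, key_alg.hex()),
            "signature_algorithm": ALG_NAMES.get(children(sig_alg)[0][1], "unknown"),
            "signature": sig[1:],  # BIT STRING: first byte counts unused bits
            "self_issued": issuer == subject}

# Constructed sample: self-issued certificate skeleton with dummy key and signature bytes.
_OID = {v: k for k, v in {**ALG_NAMES, **ATTR_NAMES}.items()}
_alg = lambda n: tlv(0x30, tlv(0x06, _OID[n]) + tlv(0x05, b""))
_dn = tlv(0x30, b"".join(tlv(0x31, tlv(0x30, tlv(0x06, _OID[k]) + tlv(0x13, v.encode())))
          for k, v in [("C", "US"), ("O", "Network Associates, Inc."),
                       ("OU", "Total Network Security Division"), ("CN", "Bob Allen")]))
_tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x01") + _alg("sha256WithRSAEncryption")
           + _dn + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z")) + _dn
           + tlv(0x30, _alg("rsaEncryption") + tlv(0x03, b"\x00" + b"\x11" * 16)))
SAMPLE = tlv(0x30, _tbs + _alg("sha256WithRSAEncryption") + tlv(0x03, b"\x00" + b"\xaa" * 16))
```

Calling `parse_certificate(SAMPLE)` returns a dictionary of the fields; the issuer's signature (item 7) is computed over the `tbs` bytes only, which is why the signature algorithm and signature sit outside that inner structure.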

