Security.com

X.509 certificate

By Alexander S. Gillis

What is an X.509 certificate?

An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.

A public key is a large numerical value used to encrypt data or check the legitimacy of a digital signature. A PKI is the underlying framework that enables entities such as users and servers to securely exchange information using digital certificates.

The X.509 certificate is a safeguard against malicious network impersonators. When a certificate is signed by a trusted authority, or is otherwise validated, the device holding the certificate can validate documents. It can also use a public key certificate to secure communications with a second party.

The X.509 certificate is defined by the International Telecommunication Union's Telecommunication Standardization Sector (ITU-T).

In cryptography, the X.509 certificate securely associates cryptographic key pairs of public and private keys with websites, individuals or organizations. The certificate is typically used to manage identity and security in computer networking and over the internet. On the internet, it is used in numerous protocols to ensure a malicious website doesn't fool a web browser. The X.509 certificate is also used to secure email, device communications and digital signatures.

The X.509 standard is based on Abstract Syntax Notation One (ASN.1), an interface description language. An X.509 certificate contains an identity and a public key. It binds an identity -- such as an individual or hostname -- to a public key with a digital signature. The signature is either made by a trusted certificate authority (CA) or is self-signed. Management of some digital certificates can also be automated.

X.509 certificate fields

An X.509 certificate contains information about the identity to which the certificate is issued and the identity that issued it. Standard information in an X.509 certificate includes the following:

Applications of X.509 certificates

Common applications of X.509 certificates include the following:

Benefits of X.509 certificates

Potential benefits that come with X.509 certificates include the following:

History of X.509 certificates

The first X.509 certificates were issued in 1988 as part of the ITU-T's X.500 directory services standard. The current version, version 9, was defined in October 2019.

As more versions came out, more certificate fields were added or refined. For example, in 1993, version 2 added two fields to support directory access control, as well as subject and issuer unique identifiers. The X.509 version 3 certificate was released in 1996 and defines the formatting used for certificate extensions. It was also used by the Internet Engineering Task Force in the development of its own X.509 Public Key Infrastructure Certificate and Certificate Revocation List, or CRL, Profile standard.


17 Jun 2022

All Rights Reserved, Copyright 2000 - 2024, TechTarget