V3 certificate Field Explanation

Source: Internet
Author: User
Tags ldap

One, what is a certificate?

In formal terms, the International Telecommunication Union (ITU-T) established the digital certificate standard. To provide a directory information service for public network users, the ITU established the X.500 series of standards in 1988. Among them, X.509 is the core of the security authentication system: X.500 defines a naming tree that guarantees the uniqueness of user names, and X.509 provides an authentication mechanism for communicating entities based on those names, defining a widely applicable certificate syntax and data interface for the entity identification process. This is what is known as the certificate.

In a nutshell, X.509 is the standard for digital certificates, and it standardizes a common, flexible certificate format. X.509 is part of the X.500 series, and it has played an incomparable role in the development of PKI; the rich information its certificates carry has made it the most popular certificate storage format.


Two, what is LDAP?

LDAP, whose full name is the Lightweight Directory Access Protocol, is based on the X.500 standard but is much simpler and can be customized as needed. LDAP is not a database but a protocol used to access information stored in an information directory (that is, an LDAP directory). In other words, "by using LDAP, you can read (or store) data in the right place in the information directory", and LDAP is primarily optimized for read performance. Unlike X.500, LDAP runs over TCP/IP, which is necessary for access across the Internet.


Three, what fields are there in the X.509 V3 certificate format? (Written in English because my working environment is English; translate into Chinese if you need to.)

1. Subject. Provides the name of the computer, user, network device, or service to which the CA issues the certificate. The subject name is commonly represented in X.500 or Lightweight Directory Access Protocol (LDAP) format.

2. Serial number. Provides a unique identifier for each certificate a CA issues.

3. Issuer. Provides the distinguished name of the CA that issued the certificate. The issuer name is commonly represented in X.500 or LDAP format.

4. Valid from. Provides the date and time when the certificate becomes valid.

5. Valid to. Provides the date and time after which the certificate is no longer considered valid.

6. Public key. Contains the public key of the key pair that is associated with the certificate.

7. Subject Key Identifier. An identifier for the subject's public key, used to distinguish the different key pairs of one certificate owner.

8. Authority Key Identifier. An identifier for the issuing authority's public key.

9. Subject Alternative Name. A subject can be presented in many different formats.

10. CRL Distribution Points (CDP). When a user, service, or computer presents a certificate, an application or service must determine whether the certificate has been revoked before its validity period has expired. The CDP extension lists the locations from which the CA's certificate revocation list (CRL) can be retrieved.

11. Authority Information Access (AIA). The AIA extension provides one or more URLs from which an application or service can retrieve the issuing CA certificate.

12. Thumbprint algorithm. The algorithm used to derive the hash.

13. Thumbprint. The signature applied to the certificate, a hash computed by the issuer or CA.

14. Enhanced Key Usage (EKU). This attribute includes an object identifier (OID) for each application or service the certificate can be used for.

15. Certificate policies. Describes the measures an organization takes to validate the identity of a certificate requestor before it issues a certificate.
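To make the fields above concrete, here is an added Go example that is not part of the original article. It uses only the standard library's crypto/x509 to build a constructed test CA and a leaf certificate carrying the Subject, Issuer, serial number, validity period, key identifiers, SAN, CDP, AIA and EKU fields listed above, reads each field back from the DER encoding, computes the SHA-256 thumbprint, and then validates the chain the way a relying party must. Every name, URL, serial number and the leaf's key identifier is a made-up sample value.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// CertSummary holds the V3 fields discussed above (key identifiers and thumbprint hex-encoded).
type CertSummary struct {
	Subject, Issuer, Serial, SubjectKeyID, AuthorityKeyID, Thumbprint string
	NotBefore, NotAfter                                                time.Time
	SANs, CRLDistPoints, AIAURLs                                       []string
	EKUs                                                               []x509.ExtKeyUsage
}

// BuildTestChain creates a constructed CA and a leaf certificate signed by it; all values are made up.
func BuildTestChain() (ca, leaf *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1001),
		Subject:               pkix.Name{CommonName: "Example Test CA", Organization: []string{"Example Corp"}},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		// SubjectKeyId is left empty: CreateCertificate derives it from the CA public key for CA templates.
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if ca, err = x509.ParseCertificate(caDER); err != nil { // the parsed copy carries the derived SubjectKeyId
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(2002),
		Subject:               pkix.Name{CommonName: "leaf.example.test", Organization: []string{"Example Corp"}},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(12 * time.Hour),
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, // EKU
		SubjectKeyId:          []byte{0xde, 0xad, 0xbe, 0xef},                 // constructed value
		DNSNames:              []string{"leaf.example.test"},                  // SAN
		CRLDistributionPoints: []string{"http://crl.example.test/ca.crl"},     // CDP
		IssuingCertificateURL: []string{"http://aia.example.test/ca.der"},     // AIA
	}
	// CreateCertificate copies the parent's SubjectKeyId into the leaf's AuthorityKeyId.
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err = x509.ParseCertificate(leafDER)
	return ca, leaf, err
}

// Summarize reads the fields listed above back from a parsed certificate.
func Summarize(c *x509.Certificate) CertSummary {
	// The thumbprint is not stored inside the certificate; a viewer computes it over the DER bytes.
	sum := sha256.Sum256(c.Raw)
	return CertSummary{
		Subject: c.Subject.String(), Issuer: c.Issuer.String(), Serial: c.SerialNumber.String(),
		NotBefore: c.NotBefore, NotAfter: c.NotAfter,
		SubjectKeyID: hex.EncodeToString(c.SubjectKeyId), AuthorityKeyID: hex.EncodeToString(c.AuthorityKeyId),
		SANs: c.DNSNames, CRLDistPoints: c.CRLDistributionPoints, AIAURLs: c.IssuingCertificateURL,
		EKUs: c.ExtKeyUsage, Thumbprint: hex.EncodeToString(sum[:]),
	}
}

// VerifyChain checks the leaf's signature against the CA, its validity period, its EKU and the SAN host name.
func VerifyChain(leaf, ca *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, leaf, err := BuildTestChain()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\nchain valid: %v\n", Summarize(leaf), VerifyChain(leaf, ca, "leaf.example.test") == nil)
}
```

Run it with `go run` and compare the printed summary with the list above: the leaf's Issuer equals the CA's Subject and its Authority Key Identifier equals the CA's Subject Key Identifier, which is how a relying party links a certificate to its issuer. VerifyChain rejects a host name that does not match the SAN and any certificate whose DER bytes were altered after signing, because the signature no longer verifies.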



The certificate format is not written out in full, but this is generally sufficient. If I have written anything wrong, please leave a message.
