Certificate Properties

Certificate Services supports certificates as defined in ITU-T Recommendation X.509 (also published as ISO/IEC 9594-8). A standard X.509 certificate contains the following properties.

| Field | Description |
| --- | --- |
| Version | Version number of the certificate format. |
| Serial Number | Serial number of the certificate. This number is assigned by the issuer and is unique within the issuer's list of issued certificates. |
| Algorithm Identifier and Parameters | Signature algorithm and any parameters used by the issuer. |
| Issuer | Name of the certification authority which issued the certificate. |
| Not Before (Date) | Certificate not valid before this date. |
| Not After (Date) | Certificate not valid after this date. |
| Subject Name | Name of the person or entity to whom the certificate is being issued. This field can also include the certificate recipient's organization, organization unit, locality, state or province, and country/region. |
| Subject Public Key Algorithm and Parameters | The algorithm and any parameters used for the subject's public key. |
| Subject Public Key | The actual public key (a bit string). |
| Signature | Signature as provided by the issuer. |

A certificate can contain the following items, depending on the X.509 version of the certificate.

| Optional field | Description |
| --- | --- |
| Issuer Unique ID | Used to make the issuer name unambiguous if it has been used by more than one entity. Present only in versions X.509 2.0 or later. |
| Subject unique ID | Used to make the subject name unambiguous if it has been used by more than one entity. Present only in X.509 2.0 or later. |
| Extensions | For specifying any desired custom properties. Any number of extension fields can be included in the certificate. Present only in version X.509 3.0. |

Note

Microsoft Certificate Services issues X.509 version 3 certificates.
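
The fields in the two tables above map directly onto a certificate's DER encoding, and the optional fields are tied to the version number. The following Python is an added example, not part of the original page and not Microsoft code: it walks a DER-encoded certificate, reports which fields are present, and flags optional fields that the stated version does not allow. The function names and the sample byte strings are constructed for illustration.

```python
# Added example, not Microsoft code: list which certificate fields are present.
FIELDS = ["serial_number", "signature_algorithm", "issuer", "validity",
          "subject", "subject_public_key_info"]
# Context tag number -> (optional field, first X.509 version that allows it)
OPTIONAL = {1: ("issuer_unique_id", 2), 2: ("subject_unique_id", 2),
            3: ("extensions", 3)}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_certificate(der):
    """Return version, serial number, fields present and version mismatches."""
    items = children(children(read_tlv(der, 0)[1])[0][1])   # TBSCertificate contents
    version = 1                         # an absent version field means v1
    if items and items[0][0] == 0xA0:   # [0] EXPLICIT INTEGER, encoded as 0, 1 or 2
        version = int.from_bytes(children(items.pop(0)[1])[0][1], "big") + 1
    if len(items) < len(FIELDS):
        raise ValueError("mandatory certificate fields missing")
    fields = dict(zip(FIELDS, (val for _, val in items)))
    problems = []
    for tag, val in items[len(FIELDS):]:
        name, min_version = OPTIONAL.get(tag & 0x1F, ("unknown", 1))
        fields[name] = val
        if version < min_version:
            problems.append(f"{name} present in a v{version} certificate")
    return {"version": version, "present": list(fields), "problems": problems,
            "serial_number": int.from_bytes(fields["serial_number"], "big")}

def tlv(tag, value=b""):                # DER encoder for the short samples below
    return bytes([tag, len(value)]) + value
# Constructed skeletons, not real certificates: names, key and signature are empty.
BODY, TAIL = tlv(0x02, b"\x2a") + tlv(0x30) * 5, tlv(0x30) + tlv(0x03, b"\x00")
VERSION3, EXT = tlv(0xA0, tlv(0x02, b"\x02")), tlv(0xA3, tlv(0x30))
V3_CERT = tlv(0x30, tlv(0x30, VERSION3 + BODY + EXT) + TAIL)
V1_WITH_EXTENSIONS = tlv(0x30, tlv(0x30, BODY + EXT) + TAIL)
```

To inspect a real certificate, pass the bytes of a DER-encoded file to inspect_certificate.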


Name Properties