Version

The X.509 version 1 certificate was defined in 1988. Its advanced age means you rarely see version 1 certificates in networking. The exceptions are some of the older root certificates and older Exchange Key Management Service (KMS) deployments. The X.509 version 1 format defines the certificate fields, as shown in Figure 2-1.

Figure 2-1 The X.509 version 1 certificate fields

An X.509 version 1 certificate contains the following fields:

■ Version. Contains a value indicating that the certificate is an X.509 version 1 certificate.

■ Serial Number. Provides a numeric identifier that is unique for each CA-issued certificate.

■ CA Signature Algorithm. The name of the algorithm the CA uses to sign the contents of a digital certificate. Figure 2-1 shows the fields included when creating the digital signature.

■ Issuer Name. The distinguished name of the certificate's issuing CA. Typically, the distinguished name is represented in an X.500 or distinguished name format specified in the X.509 specification and Request for Comment (RFC) 3280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile."

■ Validity Period. The range of time for which the certificate is considered valid. In some offerings, the validity period is split into two fields: Valid From and Valid To.

■ Subject Name. The name of the computer, user, network device, or service represented by the certificate. Typically, the subject name is represented in an X.500 or distinguished name format specified in the X.509 specification, but it can include other name formats, such as an RFC 822, "Standard for the Format of ARPA Internet Text Messages," e-mail name format.

■ Subject Public Key. The public key of the certificate holder. The public key is provided to the CA in a certificate request and is included in the issued certificate. This field also contains the public key algorithm identifier, which indicates which public key algorithm is used to generate the key pair associated with the certificate.

■ Signature Value. Contains the signature value that results from the CA signature algorithm used to sign the digital certificate.

In a version 1 certificate, the Issuer Name and Subject Name fields allow certificates to be organized into a chain of certificates that starts at the certificate issued to a user, computer, network device, or service and terminates with a root CA certificate.

Note Certificate chaining is fully discussed in Chapter 9, "Certificate Validation."
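The field layout above and the Issuer Name to Subject Name chaining, as an added Python example that is not from the book: it DER-encodes a constructed self-signed version 1 root and an end-entity certificate it issued, parses the Figure 2-1 fields back out (noting that a v1 certificate carries no version field at all), and orders the two by name. The names "Example Root CA" and "mail.example.com", the key bits, and the signature bytes are placeholders, not real key material.

```python
import datetime

def tlv(tag, body):  # DER-encode one TLV (short form plus 1- or 2-byte long-form lengths)
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body
def read_tlv(buf, pos=0):  # decode the TLV at pos -> (tag, value, position after it)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: the low 7 bits give the number of length bytes that follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n
def children(buf):  # every TLV inside a constructed value, as (tag, value) pairs
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out
def cn_name(cn):  # X.501 Name holding one commonName (OID 2.5.4.3) RDN
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x13, cn.encode()))))

def make_v1_cert(serial, issuer, subject, pubkey, sig):  # constructed v1 cert: no version, no extensions
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))  # sha256WithRSA
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"340101000000Z"))  # Valid From / Valid To
    spki = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + tlv(0x05, b""))
               + tlv(0x03, b"\x00" + pubkey))  # rsaEncryption OID + dummy key bits (placeholder)
    tbs = tlv(0x30, tlv(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big")) + alg
              + cn_name(issuer) + validity + cn_name(subject) + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + sig))  # signature bytes are a placeholder
def parse_cert(der):  # return the Figure 2-1 fields of a DER certificate (v1 or later) as a dict
    tbs, sig_alg, sig_val = children(read_tlv(der)[1])
    f = children(tbs[1])
    version = 1  # RFC 5280: version is EXPLICIT [0] DEFAULT v1, so a v1 certificate omits it entirely
    if f[0][0] == 0xA0:
        version, f = children(f[0][1])[0][1][0] + 1, f[1:]
    serial, alg, issuer, validity, subject, spki = f[:6]
    nb, na = (datetime.datetime.strptime(v.decode(), "%y%m%d%H%M%SZ") for _, v in children(validity[1]))
    return {"version": version, "serial": int.from_bytes(serial[1], "big"),
            "sig_alg": children(alg[1])[0][1], "issuer": issuer[1], "subject": subject[1],
            "not_before": nb, "not_after": na, "spki": spki[1], "signature": sig_val[1][1:]}
def chain_to_root(leaf, pool):  # follow Issuer Name -> Subject Name (byte-equal DER) up to the root
    chain = [leaf]
    while chain[-1]["issuer"] != chain[-1]["subject"]:  # a self-issued certificate ends the chain
        chain.append(next(c for c in pool if c["subject"] == chain[-1]["issuer"]))
    return chain  # names only order the chain; each CA signature must still be verified (Chapter 9)

# Constructed sample: a self-signed v1 root and the v1 end-entity certificate it issued.
ROOT = make_v1_cert(1, "Example Root CA", "Example Root CA", b"\x30\x03\x02\x01\x03", b"\xaa" * 4)
LEAF = make_v1_cert(4711, "Example Root CA", "mail.example.com", b"\x30\x03\x02\x01\x05", b"\xbb" * 4)
CHAIN = chain_to_root(parse_cert(LEAF), [parse_cert(ROOT), parse_cert(LEAF)])
```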
