In cryptography, X.509 is a standard format for public key certificates. A digital certificate that uses the SSL X.509 standard is regarded as an “X.509 certificate,” although you sometimes may see it referred to as an “X509 certificate.”
But what is an X509 certificate in SSL and what does it do?
In a nutshell, X.509 digital certificates include SSL/TLS, code signing, document signing and email signing certificates, etc.
X.509 certificates were first released in 1988 as a part of the International Telecommunications Union’s Telecommunication Standardization Sector (ITU-T) and the X.500 Directory Services Standard. In 1993, version 2 was made available, with two additional fields to support directory access control. The latest, version 3, was released in 1996 and defines the formatting used for certificate extensions.
X.509 certificates are used for two primary reasons:
We’ll tell you more about that momentarily. But, first, let’s talk about what constitutes X.509 certificates and the encryption they help to facilitate.
When it comes to types of encryption methods, there are mainly two: symmetric encryption and asymmetric encryption. While there are several notable differences between these encryption methods, the biggest is the number of cryptographic keys used.
In symmetric encryption, only one key is used. This key is used for encryption as well as decryption of the message. Asymmetric encryption, on the other hand, involves two cryptographic keys that are mathematically related to each other. One key, called a public key, encrypts data and the other, called a private key, decrypts it.
A public key, as the name implies, is publicly available. So, if you encrypt the data with the public key, no one, not even the person who encrypted it, will be able to decrypt the data. Only the person with the private key will be able to decrypt it. Such encryption is used in X.509 certificates.
Whether it’s an SSL certificate, a document signing certificate or a client authentication certificate, X.509 certificates consist of three main components: a key pair, a digital signature, and information about the identity of the issuing party and the party it’s issued to. Let’s look at each in a bit more detail:
An X.509 certificate is tied to a key pair, namely a public key, which the certificate carries, and a private key, which stays with the certificate’s owner. This key pair, depending upon the application, allows you to sign documents using the private key so that the intended person can verify the signature using the public key related to it. With SSL/TLS certificates and the like, this key pair allows the sender to encrypt data/messages with the public key so that only the owner can decrypt the ciphertext.
A digital signature is added by the certificate authority (CA) to assure users that the certificate in use is genuine. In other words, the digital signature provides proof that the certificate you have been given is the exact certificate issued by a trusted CA to the website in question.
An X.509 certificate consists of information related to the party to which a certificate is issued and the identity that issued it (certificate authority). Standard information in an X509 certificate includes:
X.509 certificates consist of a hierarchy of certificates that verify the validity of a certificate’s issuer. Let us make it simpler to understand. Basically, root certificates are the base certificates that contain the signature of certificate authorities. But it’s the SSL certificate that makes the browser aware of the legitimacy of the website. Now, as you can see, there’s a gap between a root certificate and an SSL certificate. This gap is filled by intermediate certificates.
Together, they form a chain of certificates from the SSL server certificate and intermediate certificate to the root certificate. In this chain, each certificate is signed by the entity identified by the next certificate in the chain. Thus, it forms not only a chain of certificates but a chain of trust as well.
X.509 certificates are used worldwide in the following applications: