X.509

Description Glossary RFCs Publications Obsolete RFCs

Description:

Type: Digital certificate format.
Working groups: pkix, Public-Key Infrastructure (X.509).

RFC 2459:

ITU-T X.509 (formerly CCITT X.509) or ISO/IEC/ITU 9594-8, which was first published in 1988 as part of the X.500 Directory recommendations, defines a standard certificate format. The certificate format in the 1988 standard is called the version 1 (v1) format. When X.500 was revised in 1993, two more fields were added, resulting in the version 2 (v2) format. These two fields may be used to support directory access control.

The Internet Privacy Enhanced Mail (PEM) RFCs, published in 1993, include specifications for a public key infrastructure based on X.509 v1 certificates. The experience gained in attempts to deploy RFC 1422 made it clear that the v1 and v2 certificate formats are deficient in several respects. Most importantly, more fields were needed to carry information which PEM design and implementation experience has proven necessary. In response to these new requirements, ISO/IEC/ITU and ANSI X9 developed the X.509 version 3 (v3) certificate format. The v3 format extends the v2 format by adding provision for additional extension fields. Particular extension field types may be specified in standards or may be defined and registered by any organization or community. In June 1996, standardization of the basic v3 format was completed.

ISO/IEC/ITU and ANSI X9 have also developed standard extensions for use in the v3 extensions field. These extensions can convey such data as additional subject identification information, key attribute information, policy information, and certification path constraints.


Glossary:

CA, Certification Authority.
The entity named in the issuer field of a certificate.

Root CA.
A CA that is directly trusted by an end entity.

Subordinate CA.
A CA that is not a root CA for the end entity in question.


RFCs:

[RFC 2560] X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP.

[RFC 2585] Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP.

[RFC 3029] Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols.

[RFC 3161] Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP).

[RFC 3279] Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.

[RFC 3280] Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.

[RFC 3281] An Internet Attribute Certificate Profile for Authorization.

[RFC 3647] Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework.

[RFC 3709] Internet X.509 Public Key Infrastructure: Logotypes in X.509 Certificates.

[RFC 3739] Internet X.509 Public Key Infrastructure: Qualified Certificates Profile.

[RFC 3779] X.509 Extensions for IP Addresses and AS Identifiers.

[RFC 3820] Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile.

[RFC 4043] Internet X.509 Public Key Infrastructure Permanent Identifier.

[RFC 4059] Internet X.509 Public Key Infrastructure Warranty Certificate Extension.

[RFC 4158] Internet X.509 Public Key Infrastructure: Certification Path Building.

[RFC 4210] Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP).

[RFC 4211] Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF).

[RFC 4212] Alternative Certificate Formats for the Public-Key Infrastructure Using X.509 (PKIX) Certificate Management Protocols.

[RFC 4262] X.509 Certificate Extension for Secure/Multipurpose Internet Mail Extensions (S/MIME) Capabilities.

[RFC 4325] Internet X.509 Public Key Infrastructure Authority Information Access Certificate Revocation List (CRL) Extension.

[RFC 4523] Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates.


Publications:


Obsolete RFCs:

[RFC 2459] Internet X.509 Public Key Infrastructure Certificate and CRL Profile.

[RFC 2510] Internet X.509 Public Key Infrastructure Certificate Management Protocols.

[RFC 2511] Internet X.509 Certificate Request Message Format.

[RFC 2527] Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework.

[RFC 2528] Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates.

[RFC 2559] Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2.

[RFC 2587] Internet X.509 Public Key Infrastructure LDAPv2 Schema.

[RFC 3039] Internet X.509 Public Key Infrastructure Qualified Certificates Profile.

