Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006 Installation Manual page 815

43.1.2 X.509 Certificates
An X.509 certificate is a data structure with several fixed fields and, optionally, additional extensions. The fixed fields mainly contain the name of the key owner, the public key, and the data relating to the issuing CA (name and signature). For security reasons, a certificate should only have a limited period of validity, so a field is also provided for this date. The CA guarantees the validity of the certificate in the specified period. The CPS usually requires the PKI (the issuing CA) to create and distribute a new certificate before expiration.
The extensions can contain any additional information. An application is only required to be able to evaluate an extension if it is identified as critical. If an application does not recognize a critical extension, it must reject the certificate. Some extensions are only useful for a specific application, such as signature or encryption.
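The critical-extension rule and the validity check described above, as an added example in Go (not code from the manual or from Novell). It builds a constructed self-signed test certificate that carries an extension under a made-up private OID, then accepts or rejects it; the OID, the certificate contents, and the names makeCert and accept are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Constructed private-arc OID standing in for an extension this application does not know.
var unknownOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 55555, 1}

// makeCert returns a parsed, self-signed test certificate that carries unknownOID.
func makeCert(critical bool) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed test certificate"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		// Extension value is an ASN.1 NULL; only the critical flag matters here.
		ExtraExtensions: []pkix.Extension{{Id: unknownOID, Critical: critical, Value: []byte{0x05, 0x00}}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// accept checks the validity period and rejects any critical extension the parser did not handle.
func accept(c *x509.Certificate, now time.Time) error {
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return fmt.Errorf("outside validity period %v to %v", c.NotBefore, c.NotAfter)
	}
	if len(c.UnhandledCriticalExtensions) > 0 {
		return fmt.Errorf("unrecognized critical extension %v", c.UnhandledCriticalExtensions)
	}
	return nil
}

func main() {
	c, err := makeCert(true) // critical=true: the certificate must be rejected
	fmt.Println(err, c != nil && accept(c, time.Now()) == nil)
}
```

The same unknown extension marked non-critical is ignored and the certificate is accepted, which is the distinction the paragraph draws.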
Table 43.1 shows the fields of a basic X.509 certificate in version 3.

Table 43.1 X.509v3 Certificate

Field                     Content
Version                   The version of the certificate, for example, v3
Serial Number             Unique certificate ID (an integer)
Signature                 The ID of the algorithm used to sign the certificate
Issuer                    Unique name (DN) of the issuing authority (CA)
Validity                  Period of validity
Subject                   Unique name (DN) of the owner
Subject Public Key Info   Public key of the owner and the ID of the algorithm
Issuer Unique ID          Unique ID of the issuing CA (optional)
Subject Unique ID         Unique ID of the owner (optional)