
Contents of Certificates

The primary information that any certificate contains is the public key that is to be associated with some principal name. "Issuance" of a certificate means that the certificate is deposited into the name service, and attached (as a directory attribute) to the principal name it is to be associated with. Certificates are issued by certifying authorities (CAs); the CA's signature on the certificate is what certifies the public key information that the certificate contains.

A certificate contains the following information:

subject name
The name of the principal for whom the certificate was issued. This is the name under which the certificate contents will be read by users.

issuer name
The principal name of the issuer of the certificate, a CA (certifying authority) authorized to issue certificates for the subject.

version number
Identifies the X.509 format version of the certificate.

serial number
The certificate serial number, used to identify certificates in certificate revocation lists (CRLs).

start time
The time from which the certificate's contents are considered to be valid.

end time
The time until which the certificate's contents are valid.

signature algorithm
An OID (object identifier) that identifies the algorithm used to create the certificate signature.

parameters
Any parameters necessary to pass to the signature verification algorithm.

signature
A checksum of the certificate data, encrypted under the certificate issuer's private key. Successful verification of the signature, by means of the issuer's public key, constitutes authentication of the certificate.

subject
The public key that is to be associated with the subject of the certificate (named by "subject name").

subject UUID
(Optional) A UUID that identifies the certificate subject.

issuer
(Optional) A UUID that identifies the issuer of the certificate.

The most important ingredients of a certificate are: the principal name which it is stored under; the public key which it contains; and the signature of the CA that issued it. These can be illustrated as shown in the following figure.


The Essential Parts of a Certificate
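
The following is an added example, not part of the original documentation, showing how a relying party uses the fields listed above: issuer name, signature, start and end time, and serial number against a CRL. It assumes textbook RSA with a constructed toy key and a text encoding of the fields instead of the real X.509 encoding; the names `Cert`, `issue` and `check` and all sample values are hypothetical.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed toy RSA key for the CA (two small Mersenne primes); not for real use.
P, Q, CA_E = 2**61 - 1, 2**89 - 1, 65537
CA_N = P * Q
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))  # CA private exponent

@dataclass
class Cert:
    subject_name: str
    issuer_name: str
    serial: int
    start: datetime
    end: datetime
    subject_key: int      # subject's public key, opaque to this sketch
    signature: int = 0

    def checksum(self) -> int:
        # Assumption: fields joined as text; real X.509 hashes the encoded certificate.
        fields = (self.subject_name, self.issuer_name, self.serial,
                  self.start.isoformat(), self.end.isoformat(), self.subject_key)
        digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
        return int.from_bytes(digest, "big") % CA_N

def issue(cert: Cert) -> Cert:
    # CA side: encrypt the checksum under the CA's private key.
    cert.signature = pow(cert.checksum(), CA_D, CA_N)
    return cert

def check(cert: Cert, ca_name: str, now: datetime, crl: set) -> str:
    # Relying-party side: return "ok" or the first reason for rejection.
    if cert.issuer_name != ca_name:
        return "wrong issuer"
    if pow(cert.signature, CA_E, CA_N) != cert.checksum():
        return "bad signature"
    if not cert.start <= now <= cert.end:
        return "outside validity period"
    if cert.serial in crl:
        return "revoked"
    return "ok"

# Constructed sample data (names, dates and key value are made up).
CA_NAME = "example-ca"
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
GOOD = issue(Cert("alice", CA_NAME, 1001, datetime(2024, 1, 1, tzinfo=timezone.utc),
                  datetime(2025, 1, 1, tzinfo=timezone.utc), subject_key=0xC0FFEE))
```

Because the signature covers every field, changing the public key or the validity dates after issuance makes `check` return "bad signature" before the other checks are reached.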