4.1. Basic Certificate Fields
This section describes the basic certificate fields as defined in X.509 v3.
Certificate Structure
    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }
TBSCertificate Structure
    TBSCertificate ::= SEQUENCE {
        version              [0] EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID       [1] IMPLICIT UniqueIdentifier OPTIONAL,
        subjectUniqueID      [2] IMPLICIT UniqueIdentifier OPTIONAL,
        extensions           [3] EXPLICIT Extensions OPTIONAL
    }
Key Fields
- Version: Certificate version (v1, v2, v3)
- Serial Number: Unique identifier for the certificate
- Signature: Algorithm used to sign the certificate
- Issuer: DN of the certificate issuer
- Validity: Time period during which the certificate is valid
- Subject: DN of the certificate subject
- Subject Public Key Info: Subject's public key and algorithm
- Extensions: Certificate extensions (v3 only)
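
Added example (not part of the original text and not reference code from any specification): a Python walk over the DER encoding of the two structures above. It applies DEFAULT v1 when the version field is absent, accepts the unique identifiers only from v2 and extensions only in v3, and requires the inner signature field to equal the outer signatureAlgorithm, as RFC 5280 does. The function names, the OPTIONAL tag table and the unsigned certificate built by sample() are constructed for illustration; no signature is verified and the individual field contents are not decoded.

```python
FIELDS = ["serialNumber", "signature", "issuer", "validity", "subject", "subjectPublicKeyInfo"]
VERSIONS = {b"\x02\x01\x00": 1, b"\x02\x01\x01": 2, b"\x02\x01\x02": 3}  # DER INTEGER 0..2
OPTIONAL = {0x81: ("issuerUniqueID", 2), 0x82: ("subjectUniqueID", 2), 0xA3: ("extensions", 3)}

def members(buf):
    """Yield (tag, value) for each DER TLV in buf, rejecting malformed lengths."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                  # long form: low 7 bits count the length octets
            n = length & 0x7F
            if n == 0 or pos + n > len(buf):
                raise ValueError("indefinite or truncated length")
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("value runs past end of buffer")
        yield tag, buf[pos:pos + length]
        pos += length

def parse_certificate(der):
    top = list(members(der))               # exactly one outer SEQUENCE, no trailing bytes
    cert = list(members(top[0][1])) if [t for t, _ in top] == [0x30] else []
    if [t for t, _ in cert] != [0x30, 0x30, 0x03]:
        raise ValueError("not a Certificate SEQUENCE")
    tbs, version = list(members(cert[0][1])), 1   # version is DEFAULT v1 when [0] is absent
    if tbs and tbs[0][0] == 0xA0:                 # [0] EXPLICIT wraps INTEGER 0, 1 or 2
        version = VERSIONS.get(tbs.pop(0)[1])
    if version is None or len(tbs) < 6:
        raise ValueError("malformed version or missing required fields")
    info = {"version": version, **{k: v for k, (_, v) in zip(FIELDS, tbs)}}
    for tag, value in tbs[6:]:
        name, min_version = OPTIONAL.get(tag, (None, 0))
        if name is None or version < min_version:
            raise ValueError(f"tag {tag:#x} not allowed in a v{version} certificate")
        info[name] = value
    if info["signature"] != cert[1][1]:           # inner and outer AlgorithmIdentifier must agree
        raise ValueError("signature / signatureAlgorithm mismatch")
    return info

def sample(version=b"\x02", extensions=True):     # constructed, unsigned sample certificate
    t = lambda tag, body=b"": bytes([tag, len(body)]) + body   # short-form DER encoder
    alg = t(0x30, t(0x06, bytes.fromhex("2b6570")))            # Ed25519 OID 1.3.101.112
    name = t(0x30, t(0x31, t(0x30, t(0x06, b"\x55\x04\x03") + t(0x0C, b"CA"))))
    tbs = [t(0xA0, t(0x02, version))] if version else []
    tbs += [t(0x02, b"\x01"), alg, name, t(0x30, t(0x17, b"250101000000Z") * 2), name,
            t(0x30, alg + t(0x03, b"\x00\x00"))] + [t(0xA3, t(0x30))] * extensions
    return t(0x30, t(0x30, b"".join(tbs)) + alg + t(0x03, b"\x00\x00"))
```

Calling parse_certificate(sample()) returns a dict with version 3 and the raw bytes of each field; sample(version=None) omits the version field and is rejected because it still carries extensions.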