
X.509 Digital Certificates Overview

Jun 21, 2025

Overview

This lecture examines the X.509 digital certificate standard: the fields of a certificate, the revocation mechanism (certificate revocation lists), and how a centralized public key infrastructure (PKI) compares with the decentralized web of trust model.

X.509 Certificate Standard

  • X.509 defines the format of public key certificates and certificate revocation lists (CRLs), and the rules for validating a certification path from an end-entity certificate up to a trusted root.
  • First published in 1988 (v1); the current version is X.509 v3, which added the extensions field. RFC 5280 is the profile of X.509 used on the Internet.
  • Certificates are encoded with ASN.1 DER, a canonical encoding, so a given certificate always produces the same bytes; both the CA's signature and a certificate fingerprint are computed over that encoding.

X.509 Certificate Fields

  • Version: Indicates the X.509 version of the certificate (stored as version minus one, so the value 2 means v3). Extensions are only permitted in v3.
  • Serial Number: A positive integer assigned by the issuing Certificate Authority (CA), unique among that CA's certificates. Issuer name plus serial number identifies a certificate, which is how a CRL refers to it.
  • Certificate Signature Algorithm: Identifies the hash and public key algorithm the CA used to sign (for example sha256WithRSAEncryption). It appears inside the signed body and again after it, and the two copies must match.
  • Issuer Name: Distinguished name of the CA that signed the certificate.
  • Validity: "not before" and "not after" timestamps; the certificate must not be accepted outside this window. Revocation (below) is how a certificate is withdrawn inside the window.
  • Subject: Distinguished name of the certificate holder. For TLS servers, the hostname is matched against the Subject Alternative Name extension, not the subject's common name.
  • Subject Public Key Info: States the holder's public key algorithm and the public key itself.
  • Extensions (v3 only): Typed attributes such as Subject Alternative Name, Key Usage, Extended Key Usage, Basic Constraints (whether this is a CA certificate and how long a chain it may sign) and CRL Distribution Points. Each extension carries a critical flag; a client that does not understand a critical extension must reject the certificate.
  • Certificate Signature Value: The CA's digital signature over the DER encoding of the signed body (the tbsCertificate: every field above). It is verified with the issuer's public key, not with the public key inside the certificate.
  • Certificate fingerprint: A hash (today usually SHA-256) of the entire DER-encoded certificate, computed by clients or tools to identify or pin one specific certificate. It is not a field in the certificate, and changing any byte of the certificate changes it.
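The following Python example, added to these notes and not part of the lecture, builds a small X.509 v3 certificate byte by byte and parses it back, so each field listed above can be located in the DER encoding. The DER helpers, the certificate contents and the "CA" are constructed for the example; the signing scheme is a toy (SHA-256 of the signed body reduced mod the textbook RSA modulus 3233) whose only job is to show that the signature covers exactly the DER of the tbsCertificate while the fingerprint covers the whole certificate.

```python
"""Minimal DER encoder/decoder for the X.509 v3 outer structure (added example, not from the
lecture). The "RSA" is a toy: SHA-256 of the DER reduced mod the textbook modulus n=3233 (e=17,
d=2753), NOT PKCS#1 and not secure. It only shows which bytes get signed and which get hashed."""
import hashlib
from datetime import datetime, timezone
TOY_N, TOY_E, TOY_D = 3233, 17, 2753    # p=61, q=53: an assumption, not a real key

def der(tag, payload):                  # TLV: tag || length || value (short or long form)
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def der_oid(dotted):                    # OBJECT IDENTIFIER: first two arcs packed, rest base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a > 0x7F:
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))
        out += chunk
    return der(0x06, bytes(out))

def der_int(v):  return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))  # stays positive
def der_seq(*x): return der(0x30, b"".join(x))
def der_utc(dt): return der(0x17, dt.strftime("%y%m%d%H%M%SZ").encode())
def der_name(cn):  # Name = SEQUENCE OF RDN; RDN = SET OF {type, value}; commonName = 2.5.4.3
    return der_seq(der(0x31, der_seq(der_oid("2.5.4.3"), der(0x0C, cn.encode()))))
SHA256_RSA = der_seq(der_oid("1.2.840.113549.1.1.11"), der(0x05, b""))  # sha256WithRSAEncryption
RSA_ENC = der_seq(der_oid("1.2.840.113549.1.1.1"), der(0x05, b""))      # rsaEncryption
def toy_sign(tbs_der):                  # the issuer's private operation over the DER of tbsCertificate
    m = int.from_bytes(hashlib.sha256(tbs_der).digest(), "big") % TOY_N
    return pow(m, TOY_D, TOY_N).to_bytes(2, "big")

def build_certificate(subject_cn, issuer_cn, serial, not_before, not_after, dns_name):
    spki = der_seq(RSA_ENC, der(0x03, b"\x00" + der_seq(der_int(TOY_N), der_int(TOY_E))))
    san = der_seq(der_oid("2.5.29.17"),                              # id-ce-subjectAltName
                  der(0x04, der_seq(der(0x82, dns_name.encode()))))    # dNSName [2] IA5String
    tbs = der_seq(der(0xA0, der_int(2)),                             # [0] version: 2 encodes v3
                  der_int(serial), SHA256_RSA, der_name(issuer_cn),
                  der_seq(der_utc(not_before), der_utc(not_after)),
                  der_name(subject_cn), spki,
                  der(0xA3, der_seq(san)))                           # [3] extensions, v3 only
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    return der_seq(tbs, SHA256_RSA, der(0x03, b"\x00" + toy_sign(tbs)))

def read_tlv(buf, pos=0):               # -> (tag, value, position just after this TLV)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n
def children(buf):                      # split a constructed value into its TLVs
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out
def cn_of(name_der):                    # first RDN -> first attribute -> value
    return children(children(children(name_der)[0][1])[0][1])[1][1].decode()
def utc(v): return datetime.strptime(v.decode(), "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_certificate(cert):            # assumes the layout built above (one SAN extension)
    _, body, _ = read_tlv(cert)
    _, tbs, end = read_tlv(body)
    f = children(tbs)
    outer_alg, sig = children(body[end:])
    rsa = children(children(children(f[6][1])[1][1][1:])[0][1])      # SPKI -> RSAPublicKey {n, e}
    ext = children(children(children(f[7][1])[0][1])[0][1])          # [3] -> first Extension
    names = children(children(ext[1][1])[0][1])                      # its OCTET STRING -> GeneralNames
    return {
        "version": children(f[0][1])[0][1][0] + 1,
        "serial": int.from_bytes(f[1][1], "big"),
        "sig_alg_consistent": f[2][1] == outer_alg[1],              # RFC 5280: inner must equal outer
        "issuer_cn": cn_of(f[3][1]),
        "not_before": utc(children(f[4][1])[0][1]),
        "not_after": utc(children(f[4][1])[1][1]),
        "subject_cn": cn_of(f[5][1]),
        "public_key": tuple(int.from_bytes(v, "big") for _, v in rsa),
        "san": [v.decode() for t, v in names if t == 0x82],
        "tbs_der": body[:end],                                      # exactly the bytes the CA signed
        "signature": sig[1][1:],                                    # BIT STRING minus unused-bits byte
    }
def fingerprint(cert): return hashlib.sha256(cert).hexdigest()  # over the whole DER, signature included
def verify_signature(cert, issuer_key):  # issuer_key = (n, e) of the CA, never the subject's own key
    p = parse_certificate(cert)
    m = int.from_bytes(hashlib.sha256(p["tbs_der"]).digest(), "big") % issuer_key[0]
    return pow(int.from_bytes(p["signature"], "big"), issuer_key[1], issuer_key[0]) == m
def in_validity_window(cert, on_date):   # on_date "YYYY-MM-DD", taken as UTC midnight
    p, now = parse_certificate(cert), datetime.strptime(on_date, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return p["not_before"] <= now <= p["not_after"]
# Constructed sample. Leaf and CA share the single toy key here; a real chain never would.
ISSUER_KEY = (TOY_N, TOY_E)
CERT = build_certificate("www.example.test", "Demo Root CA", 4096, datetime(2025, 1, 1, tzinfo=timezone.utc),
                         datetime(2026, 1, 1, tzinfo=timezone.utc), "www.example.test")
# Same-length edit of the subject CN: still parses, but the fingerprint and signature check both change.
TAMPERED = CERT.replace(b"www.example.test", b"www.exampl3.test", 1)
```

Running it shows two things a list of fields cannot: the same-length edit to the subject leaves the certificate perfectly parseable yet changes its fingerprint and breaks the signature check, and verification needs the issuer's key, which in this toy happens to be the same key as the subject's only because there is just one. A real validator uses a library (OpenSSL, or Python's cryptography package) that checks PKCS#1 signatures and walks the full chain rather than hand-rolled DER.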

Certificate Revocation

  • Certificate Revocation List (CRL): A CA-signed, dated list of the serial numbers of certificates the CA has revoked before their "not after" date (for example after a key compromise), each with a revocation date and an optional reason code.
  • Clients fetch the CRL from the URL in the certificate's CRL Distribution Points extension, verify the CA's signature on it, and look up the certificate's serial number. A serial number is only meaningful together with its issuer, so the CRL consulted must be the one published by the CA that issued the certificate.
  • A CRL carries thisUpdate and nextUpdate times; one past its nextUpdate is stale and proves nothing, so revocation checking is only as good as the client's refresh of the list.
  • If the CRL cannot be obtained, the client must either fail closed or "soft-fail" and treat the certificate as good. Soft-fail means an attacker who can block the download also disables revocation. OCSP (RFC 6960) is the online, per-certificate alternative to downloading the whole list.
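As an added example (not from the lecture), here is the revocation decision a client makes with a CRL, written in Python over already-parsed CRL data rather than ASN.1: issuer match, freshness window, serial lookup, and the fail-closed versus soft-fail choice. The CA name, serial numbers and dates are constructed, and the CRL signature check is represented by a boolean that a real client would compute with the CA's public key.

```python
"""CRL revocation check over already-parsed CRL data (added example, not from the lecture).
Field names follow RFC 5280 section 5: issuer, thisUpdate, nextUpdate and the list of
revokedCertificates entries (serial number, revocationDate, optional reason)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum

class Status(Enum):
    GOOD = "good"          # serial absent from a fresh, authentic CRL of the right issuer
    REVOKED = "revoked"
    UNKNOWN = "unknown"    # no trustworthy answer: CRL missing, stale, wrong issuer or bad signature

@dataclass
class RevokedEntry:
    serial: int
    revocation_date: datetime
    reason: str = "unspecified"

@dataclass
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: list = field(default_factory=list)
    signature_ok: bool = True   # stands in for verifying the CRL's signature with the CA's key

def check_revocation(issuer, serial, crl, now):
    """Status of the certificate identified by (issuer, serial) according to crl, at time now."""
    if crl is None or not crl.signature_ok:
        return Status.UNKNOWN
    if crl.issuer != issuer:                  # serials are only unique per issuer, so the CRL
        return Status.UNKNOWN                 # must be the one the issuing CA published
    if not (crl.this_update <= now <= crl.next_update):
        return Status.UNKNOWN                 # a stale (or not yet valid) CRL proves nothing
    if any(entry.serial == serial for entry in crl.revoked):
        return Status.REVOKED
    return Status.GOOD

def accept(status, soft_fail=False):
    """Connection decision. Hard fail treats UNKNOWN as a failure; soft fail treats it as GOOD,
    which lets an attacker who can block the CRL download keep using a revoked certificate."""
    if status is Status.REVOKED:
        return False
    if status is Status.UNKNOWN:
        return soft_fail
    return True

# Constructed sample data: one CA, two revoked serials, checked at two points in time.
UTC = timezone.utc
NOW = datetime(2025, 6, 21, tzinfo=UTC)
NEXT_MONTH = datetime(2025, 7, 21, tzinfo=UTC)   # past nextUpdate: a cached copy has gone stale
SAMPLE_CRL = CRL(
    issuer="Demo Root CA",
    this_update=datetime(2025, 6, 20, tzinfo=UTC),
    next_update=datetime(2025, 6, 27, tzinfo=UTC),
    revoked=[RevokedEntry(4096, datetime(2025, 6, 19, tzinfo=UTC), "keyCompromise"),
             RevokedEntry(4097, datetime(2025, 6, 20, tzinfo=UTC))],
)

if __name__ == "__main__":
    for serial in (4096, 5000):
        s = check_revocation("Demo Root CA", serial, SAMPLE_CRL, NOW)
        print(serial, s.value, "accept:", accept(s))
    print("stale CRL:", check_revocation("Demo Root CA", 5000, SAMPLE_CRL, NEXT_MONTH).value)
```

The three-valued result is the point: a revocation check that can only say "good" or "revoked" has already decided to soft-fail, because every error path collapses into "good".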

Web of Trust

  • Web of trust is a decentralized alternative to PKI for establishing trust: there is no CA, and any key holder can certify another's key.
  • Individuals sign each other's public keys after verifying identity (typically by checking identification and the key fingerprint in person), vouching that the key belongs to the named person.
  • Signing is often reciprocal and is frequently done at key signing parties, where participants cross-verify each other's identities and fingerprints and sign afterwards.
  • The web of trust grows as more members connect and trust is extended through new relationships: a key you never verified yourself can be accepted when people whose judgement you trust have signed it.
  • A signature on a key says only that the key belongs to its owner. Whether you trust that owner to verify others is a separate decision each user makes (PGP's "owner trust"), and a key that is itself unverified cannot introduce anyone.
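The following Python code, added here and not from the lecture, computes which keys a user should consider valid under the classic PGP web-of-trust rules. The names, signatures and trust settings are a constructed scenario; the thresholds (one fully trusted introducer or two marginally trusted ones) and the path-length limit of five are the traditional PGP defaults and are assumptions, not something the lecture specifies.

```python
"""Web-of-trust key validity, PGP style (added example, not from the lecture). A key is valid
when your own key signed it, or one introducer you trust fully did, or two introducers you
trust marginally did; an introducer only counts if its own key is already valid and within the
path limit. Thresholds (1 full / 2 marginal) and depth limit (5) are classic PGP defaults, assumed."""
from collections import defaultdict

FULL, MARGINAL = "full", "marginal"

def compute_valid_keys(signatures, owner_trust, my_key, marginals_needed=2, max_depth=5):
    """signatures: iterable of (signer, signed) pairs meaning "signer vouches that key `signed`
    belongs to its claimed owner". owner_trust: key -> FULL or MARGINAL, how far you trust that
    owner to verify other people (absent means not at all). Returns {valid_key: path length}."""
    signers_of = defaultdict(set)
    for signer, signed in signatures:
        signers_of[signed].add(signer)
    valid = {my_key: 0}                          # ultimate trust in your own key
    changed = True
    while changed:                               # fixed point: repeat until nothing new validates
        changed = False
        for key, signers in signers_of.items():
            if key in valid:
                continue
            full, marginal, depths = 0, 0, []
            for s in signers:
                if s not in valid or valid[s] >= max_depth:
                    continue                     # an unverified key cannot introduce anyone
                if s == my_key or owner_trust.get(s) == FULL:
                    full += 1
                elif owner_trust.get(s) == MARGINAL:
                    marginal += 1
                else:
                    continue                     # valid key, but its owner is not trusted as an introducer
                depths.append(valid[s] + 1)
            if full >= 1 or marginal >= marginals_needed:
                valid[key] = min(depths)
                changed = True
    return valid

# Constructed sample: you are "alice".
SIGNATURES = {
    ("alice", "bob"), ("alice", "carol"),        # you verified Bob's and Carol's keys yourself
    ("bob", "dave"),                             # Bob, whom you trust fully, vouches for Dave
    ("carol", "erin"), ("dave", "erin"),         # two marginally trusted introducers vouch for Erin
    ("carol", "frank"),                          # only one marginal introducer for Frank
    ("erin", "grace"),                           # Erin's key is valid, but you do not trust Erin's judgement
    ("mallory", "heidi"), ("mallory", "bob"),    # Mallory's key is not valid, so her signatures
}                                                # prove nothing, however many she makes
OWNER_TRUST = {"bob": FULL, "carol": MARGINAL, "dave": MARGINAL}

if __name__ == "__main__":
    for k, d in sorted(compute_valid_keys(SIGNATURES, OWNER_TRUST, "alice").items()):
        print(f"{k}: valid (path length {d})")
```

Frank and Grace show the two ways the model refuses a key: too few trusted introducers, and introducers whose keys are valid but whose judgement you have not chosen to trust. Mallory shows why an attacker cannot vouch their way in by mass-signing: signatures from a key that is not itself valid carry no weight.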

Key Terms & Definitions

  • X.509 — The standard defining the format of public key certificates and CRLs and how they are validated.
  • Certificate Authority (CA) — Entity that verifies identities, then issues, signs and revokes digital certificates.
  • Certificate Revocation List (CRL) — A CA-signed, dated list of the serial numbers of certificates revoked before their expiry.
  • Web of Trust — Decentralized trust model where individuals sign each other's keys after verification, with each user deciding how far to trust others as introducers.

Action Items / Next Steps

  • Review the structure and fields of X.509 certificates.
  • Understand the differences between the centralized PKI model and the decentralized web of trust model.
  • Prepare for potential key signing exercises or discussions.