Connected: An Internet Encyclopedia
A.1 Certificate Syntax
Up: RFC 1422
Up: A. Appendix A: ASN.1 Syntax for Certificates and CRLs
The X.509 certificate format is defined by the following ASN.1 syntax:
    Certificate ::= SIGNED SEQUENCE{
            version [0]     Version DEFAULT v1988,
            serialNumber    CertificateSerialNumber,
            signature       AlgorithmIdentifier,
            issuer          Name,
            validity        Validity,
            subject         Name,
            subjectPublicKeyInfo    SubjectPublicKeyInfo}

    Version ::=     INTEGER {v1988(0)}

    CertificateSerialNumber ::=     INTEGER

    Validity ::=    SEQUENCE{
            notBefore       UTCTime,
            notAfter        UTCTime}

    SubjectPublicKeyInfo ::=        SEQUENCE{
            algorithm               AlgorithmIdentifier,
            subjectPublicKey        BIT STRING}

    AlgorithmIdentifier ::= SEQUENCE{
            algorithm       OBJECT IDENTIFIER,
            parameters      ANY DEFINED BY algorithm OPTIONAL}
The components of this structure are defined by ASN.1 syntax defined in the X.500 Series Recommendations. RFC 1423 provides references for and the values of AlgorithmIdentifiers used by PEM in the subjectPublicKeyInfo and the signature data items. It also describes how a signature is generated and the results represented. Because the certificate is a signed data object, the distinguished encoding rules (see X.509, section 8.7) must be applied prior to signing.
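Because the signature is computed over the distinguished encoding, a verifier should accept only that canonical byte form. The Python example below is added here and is not part of RFC 1422 or this page: it reads the Validity structure defined above with strict DER length checks and rejects a BER re-encoding of the same dates. The function names, the sample bytes and the century pivot for two-digit years (taken from RFC 5280) are assumptions.

```python
from datetime import datetime, timezone

SEQUENCE, UTCTIME = 0x30, 0x17  # universal tags used by Validity

def read_tlv(buf, off=0):
    """Read one DER TLV (single-byte tag) at off; return (tag, value, next_off)."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                       # short form: length fits in 7 bits
        length = first
    else:                                  # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is BER, not DER")
        if off + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        if buf[off] == 0 or length < 0x80:
            raise ValueError("non-minimal length is BER, not DER")
        off += n
    if off + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[off:off + length], off + length

def parse_utctime(value):
    """Accept only the DER form of UTCTime: YYMMDDHHMMSSZ."""
    text = value.decode("ascii")
    if len(text) != 13 or not text[:12].isdigit() or text[12] != "Z":
        raise ValueError("UTCTime not in DER form YYMMDDHHMMSSZ")
    # Assumption: century pivot from RFC 5280 (YY >= 50 means 19YY), not from this page.
    year = int(text[:2]) + (1900 if int(text[:2]) >= 50 else 2000)
    return datetime.strptime(f"{year}{text[2:12]}", "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_validity(der):
    """Parse Validity ::= SEQUENCE{ notBefore UTCTime, notAfter UTCTime }."""
    tag, body, end = read_tlv(der)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected one SEQUENCE with no trailing bytes")
    t1, v1, off = read_tlv(body)
    t2, v2, off = read_tlv(body, off)
    if (t1, t2) != (UTCTIME, UTCTIME) or off != len(body):
        raise ValueError("expected exactly two UTCTime fields")
    return parse_utctime(v1), parse_utctime(v2)

# Constructed sample: 1 Jan 1993 to 1 Jan 1995 in DER, then the same content
# with the outer length re-encoded in BER long form (0x81 0x1e).
SAMPLE_DER = b"\x30\x1e" + b"\x17\x0d" + b"930101000000Z" + b"\x17\x0d" + b"950101000000Z"
SAMPLE_BER = b"\x30\x81\x1e" + SAMPLE_DER[2:]
```

Calling `parse_validity(SAMPLE_DER)` returns the two timestamps, while `parse_validity(SAMPLE_BER)` raises `ValueError` even though both byte strings describe the same dates.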