A digital certificate is a digital form of identification, like a passport. A digital certificate provides information about the identity of an entity. A digital certificate is issued by a Certification Authority (CA). Examples of trusted CAs across the world are Verisign, Entrust, etc. The CA guarantees the validity of the information in the certificate.
A typical X.509 standard digital certificate has the following format:
An X.509 certificate contains information about the identity to which a certificate is issued and the identity that issued it. Standard information in an X.509 certificate includes:
Version: which X.509 version applies to the certificate (which indicates what data the certificate must include)
Serial number: the identity creating the certificate must assign it a serial number that distinguishes it from other certificates
Algorithm information: the algorithm used by the issuer to sign the certificate
Issuer distinguished name: the name of the entity issuing the certificate (usually a certificate authority)
Validity period of the certificate: the period of time for which the certificate is valid, given by its start and end dates
Subject distinguished name: the name of the identity the certificate is issued to
Subject public key information: the public key associated with the identity
Extensions (optional)
Many of the certificates that people refer to as Secure Sockets Layer (SSL) certificates are in fact X.509 certificates.
The first X.509 certificates were issued in 1988 as part of the International Telecommunication Union's Telecommunication Standardization Sector (ITU-T) and the X.500 Directory Services Standard. In 1993, version 2 added two fields to support directory access control. Version 3 was released in 1996 and defines the formatting used for certificate extensions.
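The fields listed above appear in exactly that order inside the DER encoding of a certificate. The following is an added example, not part of the original page: a minimal standard-library DER reader that pulls each listed field out of a certificate. The helper names and the sample certificate (names, dates, dummy key and signature bytes) are constructed for illustration, and no signature is verified.

```python
# Added example, not from the original page; the certificate below is constructed.
SEQ, SET, INT, OID, UTF8, UTC, BITS, NULL = 0x30, 0x31, 0x02, 0x06, 0x0C, 0x17, 0x03, 0x05

def tlv(tag, body):  # DER encoder, used only to build the constructed sample
    n, k = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body

def read(buf, pos):  # decode one DER element; returns (tag, body, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(body, pos=0):
    while pos < len(body):
        tag, val, pos = read(body, pos)
        yield tag, val

def common_name(name):  # Name: SEQUENCE OF SET OF SEQUENCE {OID, value}; 55 04 03 = commonName
    atvs = [list(children(atv)) for _, rdn in children(name) for _, atv in children(rdn)]
    return next((v.decode() for (_, oid), (_, v) in atvs if oid == b"\x55\x04\x03"), None)

def parse_cert(der):
    _, cert, _ = read(der, 0)  # Certificate ::= SEQUENCE {tbsCertificate, sigAlg, signature}
    f = list(children(next(children(cert))[1]))  # tbsCertificate fields, in order
    version = 1  # the [0] version element is omitted for v1
    if f[0][0] == 0xA0:
        version, f = next(children(f[0][1]))[1][0] + 1, f[1:]
    serial, alg, issuer, validity, subject, spki = (v for _, v in f[:6])
    not_before, not_after = (v.decode() for _, v in children(validity))
    return {"version": version, "serial": int.from_bytes(serial, "big"),
            "sig_alg_oid": next(children(alg))[1].hex(), "issuer": common_name(issuer),
            "not_before": not_before, "not_after": not_after, "subject": common_name(subject),
            "spki_bytes": len(spki), "has_extensions": any(t == 0xA3 for t, _ in f[6:])}

def sample_cert():  # constructed sample: real field layout, dummy key and signature bytes
    algid = lambda h: tlv(SEQ, tlv(OID, bytes.fromhex(h)) + tlv(NULL, b""))
    name = lambda cn: tlv(SEQ, tlv(SET, tlv(SEQ, tlv(OID, b"\x55\x04\x03") + tlv(UTF8, cn.encode()))))
    alg = algid("2a864886f70d01010b")  # sha256WithRSAEncryption
    ext = tlv(0xA3, tlv(SEQ, tlv(SEQ, tlv(OID, b"\x55\x1d\x13") + tlv(0x04, tlv(SEQ, b"")))))
    validity = tlv(SEQ, tlv(UTC, b"240101000000Z") + tlv(UTC, b"250101000000Z"))
    spki = tlv(SEQ, algid("2a864886f70d010101") + tlv(BITS, bytes(17)))  # rsaEncryption
    tbs = tlv(SEQ, tlv(0xA0, tlv(INT, b"\x02")) + tlv(INT, b"\x10\x01") + alg
              + name("Example Test CA") + validity + name("www.example.test") + spki + ext)
    return tlv(SEQ, tbs + alg + tlv(BITS, bytes(33)))
```

Calling `parse_cert(sample_cert())` returns a dictionary with one entry per listed field; the version is stored on the wire as 2 for a version 3 certificate, which is why the reader adds one.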