White Paper CodeMeter Certificate Vault EN 2023-09 | Page 4

About Certificates
X.509 is the standard for digital certificates in a Public Key Infrastructure (PKI). Such certificates serve as an electronic proof of authenticity or identity. They are commonly used, e.g., for encrypted communication via HTTPS, OPC UA, or MQTT, or for encrypting and signing emails. The standard defines the structure and contents of an X.509 certificate in detail: in addition to identity information about the subject (the certificate holder), a certificate contains a version number, the certificate's serial number, the algorithms used, the name of the issuing Certificate Authority (CA), the validity period, the holder's public key, any extensions, and the digital signature of the CA over all of these fields. This well-defined format has made X.509 the accepted standard for PKI certificates.
An end-entity certificate is only the last link in a complete PKI chain. The chain represents a hierarchy that flows down from a root certificate at its top. Every entity that signs and thereby authenticates certificates is called a CA; by signing, it confirms that the certificate in question belongs to the public key of the person, device, or service that submitted the certificate request. CAs therefore play the key part in the entire process: they create and authenticate certificates, they can revoke them, and they need to manage them, make them available in public databases, and record every step of the certification process. In the real world, a CA acts like the public servant who issues passports: a citizen comes in and proves their identity, a passport is printed, and it is bound to that person by his or her passport photo and digitized fingerprints. In fact, modern passports include a digital certificate and a private key, fully merging the two scenarios discussed here.
Typical Uses of the X.509 Standard and Digital Certificates
• Establishing encrypted HTTPS connections and sharing data between web server and web browser
• Encrypting and signing emails with the S/MIME standard
• Digitally signing documents
• Digitally signing software
• Authenticating a participant in a communication
• Establishing a Virtual Private Network (VPN) and encrypted file sharing
• Proving identity (digital ID cards)
[Figure: PKI trust chain. The Root CA signs the X.509 certificate of the Intermediate CA, and the Intermediate CA in turn signs the X.509 certificate of the End point. Each level is certified by the level above it. Users trust the Root CA and therefore trust the Intermediate CA and the X.509 certificate that the end point uses.]
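The three-level chain described above and shown in the figure, carried out in code: a self-signed root CA issues an intermediate CA certificate, the intermediate issues an end-entity certificate for a device, and a relying party verifies that certificate against the root alone, exactly as a browser, OPC UA or MQTT client does. This is an added example written in Go with only its standard library; it is not code from this white paper or from Wibu-Systems. The CA names, the device name device-0001.example.test, the validity periods and the function names BuildChain and VerifyLeaf are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Chain is a constructed three-level PKI: self-signed root CA, intermediate CA
// certified by the root, end-entity ("End point") certificate certified by the
// intermediate. All names below are hypothetical.
type Chain struct {
	Root, Intermediate, Leaf *x509.Certificate
}

// caTemplate describes a CA certificate. pathLenZero restricts the CA to
// signing end-entity certificates only (no further intermediate CAs).
func caTemplate(serial int64, cn string, years int, pathLenZero bool) *x509.Certificate {
	now := time.Now()
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(years, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLenZero:        pathLenZero, // encodes pathlen 0 when true
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// issue creates the CA's signature over tmpl's fields using parentKey and
// returns the parsed certificate. parent == tmpl gives a self-signed root.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildChain generates fresh P-256 keys and issues the three certificates,
// each one signed with the private key of the level above it.
func BuildChain() (*Chain, error) {
	var keys [3]*ecdsa.PrivateKey
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		keys[i] = k
	}
	rootKey, interKey, leafKey := keys[0], keys[1], keys[2]
	rootTmpl := caTemplate(1, "Example Root CA", 10, false)
	root, err := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	inter, err := issue(caTemplate(2, "Example Intermediate CA", 5, true), root, &interKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	// The end-entity certificate binds the device's public key to its name.
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "device-0001.example.test"},
		DNSNames:     []string{"device-0001.example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	leaf, err := issue(leafTmpl, inter, &leafKey.PublicKey, interKey)
	if err != nil {
		return nil, err
	}
	return &Chain{Root: root, Intermediate: inter, Leaf: leaf}, nil
}

// VerifyLeaf checks leaf the way a relying party (browser, OPC UA or MQTT
// client) does: root is the only trust anchor, intermediates are supplied
// alongside the leaf, and the certificate must carry the peer's DNS name.
func VerifyLeaf(leaf, root *x509.Certificate, intermediates []*x509.Certificate, dnsName string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		DNSName:       dnsName,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}
```

VerifyLeaf returns nil only when the full chain is present and consistent: leaving out the intermediate, presenting a root that did not sign the intermediate, or contacting the device under a different host name each yields an error, which is the practical meaning of "users trust the root CA" in the figure. In a production PKI the CA private keys would of course never live in process memory as they do here, and the relying party would additionally consult the CA's revocation information.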