X.509 certificates contain several required and optional attributes that identify the subject and bind it to a public key. The following attributes can be contained in an X.509 certificate:
- Version number: the X.509 format version of the certificate (see Note below).
- Serial number: a positive integer assigned by the issuer. It must be unique per issuer, so issuer name plus serial number identifies exactly one certificate; certificate revocation lists refer to revoked certificates this way.
- Signature algorithm ID: the algorithm the issuer used to create the digital signature, for example sha256WithRSAEncryption. It appears twice, once inside the signed portion and once next to the signature value, and the two must agree.
- Issuer name: the distinguished name of the certification authority that issued the certificate.
- Validity period: the notBefore and notAfter times between which the certificate is valid. This is typically around one year, and shorter lifetimes are increasingly common. A relying party must reject a certificate presented outside this window.
- Subject name: the distinguished name of the subject represented by the certificate, typically a person, an organization, or a web/application server. For servers, the host name is matched against the Subject Alternative Name extension rather than the common name in this field.
- Subject public key information: the subject's public key together with the algorithm identifier for that key.
- Issuer unique identifier: optional identifier for the issuer, added in version 2 and now deprecated.
- Subject unique identifier: optional identifier for the subject, likewise a deprecated version 2 field.
- Extensions: version 3 only. Extensions store additional attributes such as KeyUsage, Subject Alternative Name and Basic Constraints. Each extension carries a critical flag; a relying party that does not recognize a critical extension must reject the certificate.
- Signature: the issuer's digital signature, computed with the issuer's private key over a hash of the DER encoding of all the fields above (the tbsCertificate). Verifying it with the issuer's public key is what makes the other fields trustworthy; none of them should be relied on before the signature and the chain to a trusted root have been checked.
Note:
X.509 certificates have evolved through versions 1, 2 and 3 to provide additional security and attributes bound to the certificate: version 2 added the unique identifiers and version 3 added extensions. In practice, only version 3 certificates should now be used. The version field holds the version number minus one, so a version 3 certificate carries the value 2.
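The following is an added example and not part of the original material: a standard-library-only Python encoder and decoder that builds a minimal version 3 certificate in DER and then walks the encoding to locate each field in the list above. Every value in it is constructed for illustration: the names, serial number and RSA modulus are placeholders rather than a real key, and the signature is 32 zero bytes standing in where a CA's real signature would be. The field layout, tags, and the rules for the version field, the critical flag and the duplicated signature algorithm follow the X.509 structure described above.

```python
def tlv(tag, content):  # DER: tag || length || content, long-form length above 127 bytes
    n = len(content)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + content
def seq(*items):  return tlv(0x30, b"".join(items))                                # SEQUENCE
def integer(n):   return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))    # n >= 0
def bitstring(b, unused=0): return tlv(0x03, bytes([unused]) + b)                 # BIT STRING

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for a in [40 * arcs[0] + arcs[1]] + arcs[2:]:   # first two arcs share one value
        chunk = [a & 0x7F]
        while a >> 7:                               # base-128, high bit set = more bytes follow
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))
NAME_OIDS = {"C": "2.5.4.6", "O": "2.5.4.10", "CN": "2.5.4.3"}
SHA256_RSA, RSA_ENC = "1.2.840.113549.1.1.11", "1.2.840.113549.1.1.1"
KEY_USAGE, SUBJECT_ALT_NAME = "2.5.29.15", "2.5.29.17"

def name(**rdns):  # Name ::= SEQUENCE OF RDN; RDN ::= SET OF SEQUENCE { type OID, value UTF8String }
    return seq(*(tlv(0x31, seq(oid(NAME_OIDS[k]), tlv(0x0C, v.encode()))) for k, v in rdns.items()))
def alg_id(dotted):  # AlgorithmIdentifier with NULL parameters
    return seq(oid(dotted), tlv(0x05, b""))
def extension(dotted, value, critical=False):  # Extension ::= SEQUENCE { OID, BOOLEAN DEFAULT FALSE, OCTET STRING }
    flag = tlv(0x01, b"\xFF") if critical else b""   # a DEFAULT value is omitted in DER
    return seq(oid(dotted), flag, tlv(0x04, value))

def build_certificate():
    tbs = seq(
        tlv(0xA0, integer(2)),                       # [0] version: v3 is encoded as the integer 2
        integer(0x1A2B3C4D),                         # serialNumber (constructed value)
        alg_id(SHA256_RSA),                          # signature algorithm, inside the TBS
        name(C="ZZ", O="Example Org", CN="Example Root CA"),              # issuer
        seq(tlv(0x17, b"240101000000Z"), tlv(0x17, b"250101000000Z")),  # validity (UTCTime)
        name(C="ZZ", O="Example Org", CN="www.example.test"),             # subject
        seq(alg_id(RSA_ENC),                         # subjectPublicKeyInfo; toy modulus, not a real key
            bitstring(seq(integer(0xC0FFEE1234567891), integer(65537)))),
        tlv(0xA3, seq(                               # [3] extensions, v3 only
            extension(KEY_USAGE, bitstring(b"\x80", unused=7), critical=True),  # digitalSignature
            extension(SUBJECT_ALT_NAME, seq(tlv(0x82, b"www.example.test"))))),  # dNSName [2]
    )
    # A real CA signs the DER bytes of tbs with its private key; 32 zero bytes stand in here.
    return seq(tbs, alg_id(SHA256_RSA), bitstring(b"\x00" * 32))

def children(content):  # split a constructed value into its (tag, content) members
    out, pos = [], 0
    while pos < len(content):
        tag, ln, pos = content[pos], content[pos + 1], pos + 2
        if ln & 0x80:                                # long-form length
            n = ln & 0x7F
            ln, pos = int.from_bytes(content[pos:pos + n], "big"), pos + n
        out.append((tag, content[pos:pos + ln]))
        pos += ln
    return out

def decode_oid(body):
    arcs, cur = [], 0
    for b in body:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, cur = arcs + [cur], 0
    lead = (2, arcs[0] - 80) if arcs[0] >= 80 else divmod(arcs[0], 40)
    return ".".join(map(str, (*lead, *arcs[1:])))

def decode_name(body):
    short = {v: k for k, v in NAME_OIDS.items()}
    atvs = [children(atv) for _, rdn in children(body) for _, atv in children(rdn)]
    return ",".join(f"{short.get(decode_oid(t), decode_oid(t))}={v.decode()}" for (_, t), (_, v) in atvs)

def parse_certificate(der):
    (_, tbs), (_, outer_alg), (_, sig) = children(children(der)[0][1])
    f = children(tbs)
    # version is optional (absent means v1) and is stored as the version number minus one
    version, f = (int.from_bytes(children(f[0][1])[0][1], "big") + 1, f[1:]) if f[0][0] == 0xA0 else (1, f)
    info = {
        "version": version,
        "serial": int.from_bytes(f[0][1], "big"),
        "signature_algorithm": decode_oid(children(f[1][1])[0][1]),
        "issuer": decode_name(f[2][1]),
        "validity": tuple(t.decode() for _, t in children(f[3][1])),
        "subject": decode_name(f[4][1]),
        "public_key_algorithm": decode_oid(children(children(f[5][1])[0][1])[0][1]),
        "extensions": {},
        "signature_bits": sig[1:],                   # first byte of a BIT STRING is the unused-bit count
    }
    for tag, body in f[6:]:  # optional trailing fields; [1]/[2] unique ids (v2, deprecated) would also land here
        if tag == 0xA3:                              # [3] EXPLICIT Extensions
            (_, exts), = children(body)
            for _, ext in children(exts):
                parts = children(ext)
                critical = len(parts) == 3 and parts[1][1] == b"\xFF"
                info["extensions"][decode_oid(parts[0][1])] = (critical, parts[-1][1])
    if decode_oid(children(outer_alg)[0][1]) != info["signature_algorithm"]:
        raise ValueError("outer signatureAlgorithm differs from tbsCertificate.signature: malformed")
    return info
```

Calling parse_certificate(build_certificate()) returns a dictionary keyed by the field names in the list above. Note what the parser deliberately does not do: it does not verify the placeholder signature, so it is a structure walk and not a trust decision. Real validation additionally checks the signature over the tbsCertificate bytes with the issuer's public key, the validity window, every critical extension, and the chain up to a trusted root.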
Microsoft Confidential. © 2005 Microsoft Corporation.
All rights reserved. By using or providing feedback on these materials, you
agree to the attached license agreement.