The security of information systems rests on a set of tools and standards, in particular on asymmetric encryption with public and private keys, and on a kind of “digital passport”: an electronic certificate that binds a public encryption key to a natural or legal person. This binding is what the “x509 standard” defines, and it supports two pillars of the web, secure exchanges and data privacy, on which the trust required for digital exchanges is built. It is also referred to as the x.509 certificate or the x509 system. But what is it exactly? And what is its role in the SSL protocol that secures data between a website and an Internet user?
What is an X509 certificate?
Strictly speaking, x.509 is not a certificate as such but a standard for public key certificates: it specifies their format and the algorithms used to validate a certification path. It therefore establishes a standard layout for certificates and a standard way of checking the chain of authorities behind them.
When you visit a website, your browser (Chrome, Firefox, Safari, Edge, etc.) signals the security level in various ways: a green address bar, a padlock, and so on. To give you this information, it checks the x509 certificate presented by the site. In short, the term refers to any certificate that follows the x509 standard for public keys: a passport carrying information about the certificate holder.
The x509 certificate was defined in 1988, as part of the x500 standard, by the International Telecommunications Union (ITU, an organization for the standardization of information systems). It now helps users identify secure connections by linking a key pair to a specific user through the certificate. More precisely, its role is to associate an identity with a public key and to guarantee the validity of this association through a certification authority, which confirms it with its signature. The X509 standard therefore rests on a hierarchical system (the certification chain): the user must trust the authority, or chain of authorities (originating, intermediate and issuing), that validated the certificate.
SSL/TLS certificates are not the only application that depends on the x509 specification. It is also used for electronic signatures and for authentication within the S/MIME, IPSec, SET and SSH protocols, for time stamping, etc.
Structure of an x509 certificate
Certificates are complex electronic files. They are usually divided into two parts: on the one hand, the information contained in the certificate; on the other, the signature of the certification authority. This structure is standardized by the x509 standard, which means that the same kinds of information are found in every certificate, namely:
- Certificate version.
- Serial number.
- Name of the certification authority that validated it (distinguished name).
- Validity start and end dates.
- Purpose for which the certificate may be used.
- Public key information (algorithm and the public key itself).
- Unique identifier of the signer and/or certificate holder (optional).
- Certificate extensions (optional).
- Certificate issuer signature.
- Signature algorithm.
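As an added example (not part of the original article), the Go program below uses the standard library's crypto/x509 to construct a two-level certification chain, expose the standard fields listed above as the parser sees them, and walk the chain from leaf to trusted root the way a browser does, including the failure when the host name or the root does not match. The CA name "Example Test Root CA", the host www.example.test and the validity periods are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// parse re-parses freshly created DER so every field (issuer, extensions, signature) is populated; creation errors are fatal in this test fixture.
func parse(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c
}

// BuildChain mints a self-signed root and an end-entity certificate for the constructed host www.example.test.
func BuildChain() (ca, leaf *x509.Certificate) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader) // the leaf's private key is not needed in this demo
	now := time.Now().Add(-time.Hour)
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test Root CA"},
		NotBefore: now, NotAfter: now.Add(48 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca = parse(x509.CreateCertificate(rand.Reader, root, root, caPub, caKey)) // the root signs itself
	ee := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "www.example.test"},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour), DNSNames: []string{"www.example.test"},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf = parse(x509.CreateCertificate(rand.Reader, ee, ca, leafPub, caKey)) // the leaf carries the CA's signature
	return ca, leaf
}

// Verify walks the certification path from the leaf up to the trusted root for host: the browser's check in miniature.
func Verify(leaf, root *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, l := BuildChain() // the standard fields from the list above, as Go's parser exposes them:
	fmt.Println(l.Version, l.SerialNumber, l.Issuer.CommonName, l.NotBefore, l.NotAfter, l.ExtKeyUsage, l.PublicKeyAlgorithm, len(l.Extensions), l.SignatureAlgorithm)
	fmt.Println("valid for www.example.test:", Verify(l, ca, "www.example.test") == nil, "| valid for other.example.test:", Verify(l, ca, "other.example.test") == nil)
}
```

Swapping in a second, unrelated root with the same name makes Verify fail with an unknown-authority error: the chain is anchored on the signing key, not on the name alone.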