Basic certificate fields

  The X.509 v3 certificate basic syntax is as follows.  For signature
  calculation, the certificate is encoded using the ASN.1 distinguished
  encoding rules (DER) [X.208].  ASN.1 DER encoding is a tag, length,
  value encoding system for each element.

  Certificate  ::=  SEQUENCE  {
       tbsCertificate       TBSCertificate,
       signatureAlgorithm   AlgorithmIdentifier,
       signatureValue       BIT STRING  }

  TBSCertificate  ::=  SEQUENCE  {
       version         [0]  EXPLICIT Version DEFAULT v1,
       serialNumber         CertificateSerialNumber,
       signature            AlgorithmIdentifier,
       issuer               Name,
       validity             Validity,
       subject              Name,
       subjectPublicKeyInfo SubjectPublicKeyInfo,
       issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                            -- If present, version shall be v2 or v3
       subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                            -- If present, version shall be v2 or v3
       extensions      [3]  EXPLICIT Extensions OPTIONAL
                            -- If present, version shall be v3
       }

  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }

  CertificateSerialNumber  ::=  INTEGER

  Validity ::= SEQUENCE {
       notBefore      Time,
       notAfter       Time }

  Time ::= CHOICE {
       utcTime        UTCTime,
       generalTime    GeneralizedTime }

  UniqueIdentifier  ::=  BIT STRING

  SubjectPublicKeyInfo  ::=  SEQUENCE  {
       algorithm            AlgorithmIdentifier,
       subjectPublicKey     BIT STRING  }

  Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension

  Extension  ::=  SEQUENCE  {
       extnID      OBJECT IDENTIFIER,
       critical    BOOLEAN DEFAULT FALSE,
       extnValue   OCTET STRING  }
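
Added example (not part of the original text): a strict DER tag-length-value reader in Python that pulls out the exact tbsCertificate bytes the signature is calculated over, plus version and serialNumber, and rejects BER-only length forms. The function names and the sample bytes are constructed for illustration; the sample is certificate-shaped but truncated and unsigned.

```python
# Added example: strict DER TLV reader (single-byte tags only).
def read_tlv(buf, off=0):
    """Return (tag, value, next_offset), enforcing DER length rules."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    off += 2
    if first < 0x80:                        # short form
        length = first
    else:                                   # long form
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is BER, not DER")
        if off + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        if buf[off] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
        off += n
    if off + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[off:off + length], off + length

def split_certificate(der):
    """Return (tbs_bytes, version, serial) from a Certificate SEQUENCE."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE and no trailing bytes")
    tbs_tag, tbs_val, tbs_end = read_tlv(body)
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate must be a SEQUENCE")
    tbs_bytes = body[:tbs_end]   # header + value: the bytes that get signed
    tag, val, off = read_tlv(tbs_val)
    version = 0                  # DEFAULT v1 when [0] is absent
    if tag == 0xA0:              # [0] EXPLICIT Version
        vtag, vval, vend = read_tlv(val)
        if vtag != 0x02 or vend != len(val):
            raise ValueError("Version must be a single INTEGER")
        version = int.from_bytes(vval, "big")
        tag, val, off = read_tlv(tbs_val, off)
    if tag != 0x02:
        raise ValueError("serialNumber must be an INTEGER")
    return tbs_bytes, version, int.from_bytes(val, "big", signed=True)

# Constructed sample: certificate-shaped, truncated, unsigned.
TBS = bytes.fromhex("300a a003020102 0203010001")  # v3, serial 65537
SAMPLE = bytes.fromhex("308194") + TBS + bytes.fromhex("3000 038183") + bytes(131)
print(split_certificate(SAMPLE)[1:])
```

A verifier should hash the returned tbs_bytes as received rather than re-encoding parsed fields, so that the bytes checked are the bytes the issuer signed.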