In a network that uses public and private keys to encrypt data, X.509 defines the standard for the digital certificates used to secure packets sent over the internet. An X.509 certificate is a digital certificate that proves ownership of a public key.
Encrypted connections, such as SSL/TLS, use this public key standard for authentication.
An X.509 certificate includes the following information:
Serial number of the certificate
Identity of the owner
Validity of the certificate
The issuer of the certificate
Public key
Signature of the issuer
The following is an example of an X.509 certificate:
X.509 certificates are signed by trusted third parties called Certificate Authorities (CA). Therefore, the contents of a certificate signed by a CA that the client trusts can be relied upon, unless the certificate has since been revoked (see below).
Here's how clients verify certificates:
Here's a brief explanation for the illustration shown above:
At the start of the TLS/SSL connection, the server shares its certificate (containing its public key) with the client.
The client verifies the server's certificate, and with it the server's public key, by checking the certificate's signature and validity against a CA it trusts.
After the certificate has been validated, the client can continue sending information to the server.
However, this isn't always the case. Sometimes certificates are compromised; in this case, the certificate authority adds the leaked certificate to a
Below is a step-by-step illustration of the process when an X.509 certificate is compromised:
X.509 certificates are needed to ensure that the entity we are reaching out to is the one we intend to contact. Its public key, taken from the certificate, is then used to encrypt the data to be sent, which only that entity can decrypt with its private key.
In the worst case, if someone else were to pose as the entity a user wants to contact and supply a fake public key, the unsuspecting user would send packets over the internet encrypted with that fake key, giving the impostor access to the contents of those packets.
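The whole flow described on this page, a CA signing a server certificate, the client checking it, and the impostor who presents a fake key, as an added Go example that is not part of the original page. It uses only the standard library's crypto/x509. The CA name "Example Root CA", the hostname example.test and all keys are constructed in memory for the demo; the client's check is x509.Certificate.Verify against a pool containing only that CA. It also reads back the certificate contents listed above (serial, owner, validity, issuer, public key, signature) and goes one step beyond the text by rejecting an expired certificate as well.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertFields holds the certificate contents the text enumerates.
type CertFields struct {
	Serial, Subject, Issuer                string
	NotBefore, NotAfter                    time.Time
	PublicKeyAlgorithm, SignatureAlgorithm string
}

// fields reads those contents back from a parsed certificate.
func fields(c *x509.Certificate) CertFields {
	return CertFields{
		Serial:             c.SerialNumber.String(),
		Subject:            c.Subject.String(),
		Issuer:             c.Issuer.String(),
		NotBefore:          c.NotBefore,
		NotAfter:           c.NotAfter,
		PublicKeyAlgorithm: c.PublicKeyAlgorithm.String(),
		SignatureAlgorithm: c.SignatureAlgorithm.String(),
	}
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newKey generates a throwaway P-256 key pair (constructed in memory for the demo).
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue builds a certificate for cn carrying pub and signs it with signer. parent == nil
// means self-signed: what a root CA does, and also all an impostor without a CA can do.
func issue(cn string, serial int64, isCA bool, notAfter time.Time,
	parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              notAfter,
		IsCA:                  isCA,
		BasicConstraintsValid: isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.DNSNames = []string{cn} // clients match the hostname against the SAN extension
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// clientVerify is the client-side check: the signature must chain to a CA the
// client trusts, the validity window must contain now, and the name must match.
func clientVerify(presented, trustedCA *x509.Certificate, host string, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:       roots,
		DNSName:     host,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	now := time.Now()
	caKey := newKey()
	ca := issue("Example Root CA", 1, true, now.Add(24*time.Hour), nil, &caKey.PublicKey, caKey)
	// The genuine server: its certificate is signed by the CA the client trusts.
	serverKey := newKey()
	good := issue("example.test", 1001, false, now.Add(24*time.Hour), ca, &serverKey.PublicKey, caKey)
	fmt.Printf("%+v\n", fields(good))
	fmt.Println("CA-signed cert:", clientVerify(good, ca, "example.test", now))
	// An impostor presents a self-signed certificate for the same name with its own key.
	fakeKey := newKey()
	fake := issue("example.test", 7, false, now.Add(24*time.Hour), nil, &fakeKey.PublicKey, fakeKey)
	fmt.Println("impostor cert:", clientVerify(fake, ca, "example.test", now))
	// A CA-signed certificate whose validity period has already ended.
	expired := issue("example.test", 1002, false, now.Add(-time.Minute), ca, &serverKey.PublicKey, caKey)
	fmt.Println("expired cert:", clientVerify(expired, ca, "example.test", now))
}
```

Run it with `go run .`: the CA-signed certificate is accepted (nil error), the impostor's certificate fails with an unknown-authority error because its signature does not chain to the trusted CA, and the expired one fails on its validity period. Two caveats for real deployments: a browser or OS client uses its platform trust store rather than a one-certificate pool, and x509.Verify does not perform the revocation check the text mentions, so a compromised-but-unexpired certificate needs a separate CRL or OCSP lookup.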