Quiz Entry - updated: 2026.06.25
What are the key fields inside an X.509 certificate, and which three carry the core "identity + key + proof"?
The subject is the identity, the subjectPublicKeyInfo is the public key, and the signatureAlgorithm/signature at the bottom is the issuing CA's signature binding them together.
A typical X.509 v3 certificate contains:
- version (e.g. 3) and serialNumber — unique ID.
- issuer — the CA that issued it (e.g.
O=Hochschule Luzern, CN=ISF-CA). - validity —
notBefore/notAfterdates (the cert expires!). - subject — the identity the cert is about (e.g.
CN=www.hslu.ch). ⇐ Identity - subjectPublicKeyInfo — the algorithm + the public key itself. ⇐ Public key
- extensions — e.g.
keyUsage: digitalSignature. - signatureAlgorithm + signature value — the CA's signature over all the preceding fields. ⇐ Proof (CA signature)
Tip: Read a cert as a sentence: "The issuer swears that this subject owns this public key until this notAfter date — and here's my signature to prove it."