LOGBOOK

HELP

Quiz Entry - updated: 2026.06.25

What are the key fields inside an X.509 certificate, and which three carry the core "identity + key + proof"?

The subject is the identity, the subjectPublicKeyInfo is the public key, and the signatureAlgorithm/signature at the bottom is the issuing CA's signature binding them together.

A typical X.509 v3 certificate contains:

  • version (e.g. 3) and serialNumber — unique ID.
  • issuer — the CA that issued it (e.g. O=Hochschule Luzern, CN=ISF-CA).
  • validitynotBefore / notAfter dates (the cert expires!).
  • subjectthe identity the cert is about (e.g. CN=www.hslu.ch). ⇐ Identity
  • subjectPublicKeyInfo — the algorithm + the public key itself. ⇐ Public key
  • extensions — e.g. keyUsage: digitalSignature.
  • signatureAlgorithm + signature valuethe CA's signature over all the preceding fields. ⇐ Proof (CA signature)

Tip: Read a cert as a sentence: "The issuer swears that this subject owns this public key until this notAfter date — and here's my signature to prove it."

From Quiz: ISF / Intercepting & Proxy Tools | Updated: Jun 25, 2026