An X.509 certificate is a public key bound to the identity of a party and signed either by a certificate authority or by the holder itself (self-signed). In other words, an X.509 certificate is a digital certificate that uses the X.509 public key infrastructure (PKI) standard to verify that a public key belongs to a user, computer or service identity. The verification behind this certificate has to be done by Certificate Authorities (CAs). Therefore, an individual or party uses the public key for secure communication and trusts the CA to have sufficiently verified the identities of the parties to which it issued certificates.

The basic structure of an X.509 certificate is as follows:
- Version (marked as X.509v3 or v4 or v5)
- Serial number
- Issuer Name
- Valid From (start time)
- Valid To (end time)
- Subject name
- Subject public key
- Extensions (added in X.509v3, optional): extra identification information, usage constraints and policies

Usually either the subject name or the issuer and serial number identifies the certificate. The validity field indicates when the certificate renewal fee is due.

Example of a typical certificate
• Version = X.509v3
• Serial Number = 123212
• Issuer Name = Himal Ojha
• Valid From = 20/1/18
• Valid To = 20/1/19
• Subject Name = Bijesh Raj Kunwar
• Public Key = RSA public key

Key terms in the structure
Version – Tells us which version of the X.509 certificate format is in use. It can be marked as X.509v3, v4 or v5.
Serial Number – A unique identifier for every certificate that the CA issues.
Issuer Name – The name of the CA that issued the certificate. The issuer name is commonly represented using an X.500 or LDAP format.
Valid From – The date and time from which the certificate becomes valid.
Valid To – The date and time after which the certificate is no longer valid.
Subject Name – A subject can be represented in many forms and formats. We can include a user's account name in the format of an LDAP distinguished name, an e-mail name or a user principal name.
Public Key – Contains the public key of the key pair associated with the certificate.

The importance of the X.509 certificate for information security:
Security and privacy have become very important for web-based communications. Therefore, it is important to ensure that the information being exchanged is not read by any third party. SSL uses X.509 certificates to validate connection endpoints. To allow verification of the authenticity of these certificates, they are digitally signed by CAs.

The X.509 certificate is something that can be used in software to:
• Verify an individual's identity, so that we can ensure the person is actually who they say they are
• Enable us to send the owner of the certificate encrypted data that only they are able to decrypt and read

X.509 certificates can be used to do these things for more than just individuals. They are heavily used by software applications and computers to do the same amongst themselves.

In addition to verifying our identity, X.509 certificates can also be used to secure data intended for us, so that outside threats or third parties will not be able to see it. They do this through the mathematical concept known as asymmetric key cryptography.

How various cryptographic functions are employed in an X.509 certificate
We know that in symmetric encryption a single key is used to both encrypt and decrypt the information or traffic. Common symmetric encryption algorithms include DES, 3DES, AES and RC4. 3DES and AES are commonly used in IPsec and other types of VPNs.

Asymmetric encryption, on the other hand, is also known as public key cryptography. It uses two keys: one for encryption and the other for decryption. The most common algorithm used is RSA.

Finally, hashing is a form of cryptographic security that differs completely from encryption. Unlike encryption, hashing reduces a message to an unalterable fixed-length value, or hash. The most common algorithms seen in networking are MD5 and SHA-1.

We have to keep in mind that sending a public key over an insecure channel opens one up to a man-in-the-middle attack, which is why in the X.509 certificate used by SSL the key is signed by a mutually trusted third party.

Another interesting aspect of public key cryptography is that the secret key can also be used to encrypt data, and the public key can then decrypt it. That is how digital signatures and digital certificates work: the private key encrypts a hash of the message. If the public key decrypts it and the recipient calculates the same hash, the signature on the certificate is validated.
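The signing and verification steps described above, applied to the example certificate fields from earlier in the essay, as an added example (not part of the original essay). It assumes a toy RSA key pair built from two fixed Mersenne primes in place of a real CA key, and a sorted text serialisation of the fields in place of ASN.1 DER; real certificates also apply a signature padding scheme (PKCS#1 v1.5 or PSS) that this toy omits.

```python
import hashlib
from datetime import date

# Constructed CA key pair: textbook RSA on two fixed Mersenne primes (toy stand-in for a real key).
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (needs Python 3.8+)

# The essay's example certificate fields as a plain dict (stands in for the ASN.1 DER encoding).
CERT_FIELDS = {
    "version": "v3",
    "serial": 123212,
    "issuer": "CN=Himal Ojha",
    "valid_from": "2018-01-20",
    "valid_to": "2019-01-20",
    "subject": "CN=Bijesh Raj Kunwar",
    "public_key": "RSA:<subject key placeholder>",
}

def tbs_digest(fields):
    """Hash the to-be-signed fields in a fixed order; this digest is what the CA signs."""
    canonical = "\n".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big")

def ca_sign(fields, d=D, n=N):
    """CA step: 'encrypt' the digest with the private key to produce the signature value."""
    return pow(tbs_digest(fields), d, n)

def verify(fields, signature, e=E, n=N):
    """Relying-party step: 'decrypt' the signature with the CA public key and compare it
    with a freshly computed digest of the fields; any altered field breaks the match."""
    return pow(signature, e, n) == tbs_digest(fields)

def is_within_validity(fields, today_iso):
    """Check the Valid From / Valid To window against a date given as YYYY-MM-DD."""
    today = date.fromisoformat(today_iso)
    return date.fromisoformat(fields["valid_from"]) <= today <= date.fromisoformat(fields["valid_to"])

def issue_and_check():
    """Issue the example certificate, then verify both the genuine copy and a tampered copy."""
    sig = ca_sign(CERT_FIELDS)
    genuine_ok = verify(CERT_FIELDS, sig)
    tampered = dict(CERT_FIELDS, subject="CN=Someone Else")   # altered after issuance
    tampered_ok = verify(tampered, sig)
    return genuine_ok, tampered_ok

if __name__ == "__main__":
    print(issue_and_check())  # (True, False)
```

The digest fits below N, so the "decrypt with the public key" result equals the recomputed hash exactly for the genuine fields and differs for the tampered ones.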