Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
X.509
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{short description|Standard defining the format of public key certificates}} {{Infobox technology standard | title = X.509 | long_name = Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks | image = | caption = | status = In force (Recommendation) | year_started = | version = 9.2 | version_date = {{Start date and age|2023|10|29}} | preview = | preview_date = | organization = [[ITU-T]] | committee = [[ITU-T Study Group 17]] | base_standards = [[ASN.1]] | related_standards = ISO/IEC 9594-8:2020, [[X.500]] | abbreviation = | domain = [[Cryptography]] | license = | website = {{URL|https://www.itu.int/rec/T-REC-X.509}} |series = X |alt= |first_published=1.0 at {{Start date and age|1988|11|25}} }} In [[cryptography]], '''X.509''' is an [[International Telecommunication Union]] (ITU) standard defining the format of [[public key certificate]]s.<ref>{{cite web|url=https://www.itu.int/rec/T-REC-X.509|title=X.509: Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks|publisher=ITU|access-date=6 November 2019}}</ref> X.509 certificates are used in many Internet protocols, including [[Transport Layer Security|TLS/SSL]], which is the basis for [[HTTPS]],<ref name="rfc4158" /> the secure protocol for browsing the [[World Wide Web|web]]. They are also used in offline applications, like [[electronic signature]]s.<ref>{{Cite web |title=Monumental Cybersecurity Blunders |url=https://circleid.com/posts/20220513-monumental-cybersecurity-blunders |access-date=2022-09-03 |website=circleid.com |language=en}}</ref> An X.509 certificate binds an identity to a public key using a digital signature. A certificate contains an identity (a hostname, or an organization, or an individual) and a public key ([[RSA (cryptosystem)|RSA]], [[DSA (cryptography)|DSA]], [[ECDSA]], [[ed25519]], etc.), and is either signed by a certificate authority or is self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can use the public key it contains to establish secure communications with another party, or validate documents [[Digital signature|digitally signed]] by the corresponding [[private key]]. X.509 also defines [[certificate revocation list]]s, which are a means to distribute information about certificates that have been deemed invalid by a signing authority, as well as a [[certification path validation algorithm]], which allows for certificates to be signed by intermediate CA certificates, which are, in turn, signed by other certificates, eventually reaching a [[trust anchor]]. X.509 is defined by the ITU's "Standardization Sector" ([[ITU-T]]'s [[ITU-T Study Group 17|SG17]]), in ITU-T Study Group 17 and is based on [[Abstract Syntax Notation One]] (ASN.1), another ITU-T standard.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)