X509

X.509 is a standard published by ITU-T that specifies the format of public key certificates used in private and public key infrastructures. It originated from the X.500 directory services and defines how identities are bound to public keys and how certificates are issued, serialized, and validated. X.509 certificates are used to establish trust in TLS/SSL connections, email security (S/MIME), code signing, and other cryptographic protocols.

A certificate contains fields such as version, serialNumber, signatureAlgorithm, issuer, validity period, subject, and subjectPublicKeyInfo, plus

Extensions in X.509v3 convey constraints and capabilities, including basicConstraints (CA flag and path length), keyUsage (digitalSignature,

Trust is based on a hierarchy of Certification Authorities (CAs). A certificate chain leads from a leaf

X.509 is standardized in ITU-T X.509 and is profiled for Internet use in RFC 5280, which specifies