Reference document

Org
IETF
Pubnum
RFC 5280
Date
2008
Version
Title
Internet X.509 Public Key Infrastructure Certificate and CRL Profile

Applicability

This document profiles the X.509 v3 certificate and X.509 v2 CRL for use in the Internet. An overview of the approach and model are provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms (e.g., IP addresses). Standard certificate extensions are described and one new Internet-specific extension is defined. A required set of certificate extensions is specified. The X.509 v2 CRL format is described and a required extension set is defined as well. An algorithm for X.509 certificate path validation is described. Supplemental information is provided describing the format of public keys and digital signatures in X.509 certificates for common Internet public key encryption algorithms (i.e., RSA, DSA, and Diffie-Hellman). ASN.1 modules and examples are provided in the appendices.

Responsible Party

Name
FMN CPWG

Status

URI
https://www.ietf.org/rfc/rfc5280.txt

History

Flag Date RFC Version
added 2010-12-05 5.0
changed 2011-06-14 5-20 6.0
changed 2017-01-14 9-17 10.0
UUID
00bc89ae-3f33-4cb8-b9be-70bb7e861292

Relationships

This standard is used by the following service profiles: