The digital certificate contains specific pieces of information
about the identity of the certificate owner and about the certification
authority. See the following figure for an illustration of a digital
certificate.
Figure 1. Contents of a Digital Certificate
This illustration shows the four entities of a digital certificate.
From the top, they are: Owner's Distinguished Name, Owner's Public Key,
Issuer's (CA) Distinguished Name, and Issuer's Signature.
The following list further describes the contents of the digital
certificate:
Owner's Distinguished Name
Combination of the owner's common name and context (position)
in the directory tree. In the following figure of a simple directory
tree, for example, Prasad is the owner's common name and the context
is country=US, organization=ABC, lower organization=SERV; therefore,
the distinguished name is:
/C=US/O=ABC/OU=SERV/CN=prasad.austin.ibm.com
Figure 2. Example of Deriving Distinguished Name from Directory
Tree
This illustration is a directory tree with O=ABC at the top
level and branching to two entities on the second level. Level two
contains OU=AIX and OU=Acctg on separate branches; each has a branch
leading to a single entity on the last level. The last level contains
CN=Prasad and CN=Peltier respectively.
Owner's Public Key
Used by the recipients to decrypt data.
Subject Alternate Name
Can be an identifier such as an IP address, e-mail address, fully
qualified domain name, and so on.
Issue Date
Date the digital certificate was issued.
Expiration Date
Date the digital certificate expires.
Issuer's Distinguished Name
Distinguished name of the Certification Authority.
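The derivation described under Owner's Distinguished Name, as an added example that is not part of the original documentation. It builds the slash-form name from the directory context and common name, parses it back into components, and also renders the RFC 4514 comma form, which lists the same components leaf first. The function names are hypothetical, and the context is assumed to use only the C, O and OU levels.

```python
import re

CONTEXT_ORDER = ("C", "O", "OU")  # directory tree levels, root first (assumed set)

def build_dn(context, common_name):
    """Derive the slash-form DN from the directory context plus the owner's CN."""
    rdns = [(k, context[k]) for k in CONTEXT_ORDER if k in context]
    rdns.append(("CN", common_name))
    # Escape "\" and "/" so a value can never be read as an extra component.
    esc = lambda v: v.replace("\\", "\\\\").replace("/", "\\/")
    return "".join("/%s=%s" % (k, esc(v)) for k, v in rdns)

def parse_dn(dn):
    """Split a slash-form DN into ordered (type, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("slash-form DN must start with '/'")
    rdns, cur, i = [], "", 1
    while i <= len(dn):
        ch = dn[i] if i < len(dn) else "/"  # sentinel closes the last component
        if ch == "\\" and i + 1 < len(dn):  # escaped character: take it literally
            cur += dn[i + 1]
            i += 2
            continue
        if ch == "/":
            key, sep, value = cur.partition("=")
            if not (key and sep and value):
                raise ValueError("malformed component: %r" % cur)
            rdns.append((key.upper(), value))
            cur = ""
        else:
            cur += ch
        i += 1
    return rdns

def to_rfc4514(rdns):
    """Render the pairs leaf first, comma separated (trailing-space escaping omitted)."""
    def esc(v):
        v = re.sub(r'([,+"\\<>;])', r"\\\1", v)
        return "\\" + v if v[:1] in ("#", " ") else v
    return ",".join("%s=%s" % (k, esc(v)) for k, v in reversed(rdns))

if __name__ == "__main__":
    # Context and common name taken from the example on this page.
    dn = build_dn({"C": "US", "O": "ABC", "OU": "SERV"}, "prasad.austin.ibm.com")
    print(dn)
    print(parse_dn(dn))
    print(to_rfc4514(parse_dn(dn)))
```

Compare distinguished names on the parsed components rather than on the raw strings, because the two textual forms order and escape the same name differently.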