Certificates and CryptoAPI

CryptoAPI supports using certificates as defined in the ITU-T recommendation X.509 (also, ISO/IEC 9594-8). This documentation assumes the use of an X.509 or comparable digital certificate.

An X.509 standard certificate contains the following information.

Field Description
Version Version number of the certificate.
Serial Number Serial number of the certificate.
Algorithm Identifier Signature algorithm used by the certificate signer.
Issuer Name Name of the issuer of the certificate.
Validity:  
Not Before (Date) Date before which the certificate is not valid.
Not After (Date) Date after which the certificate is not valid.
Subject Name Name of the person or entity to whom the certificate is being issued.
Subject Public Key Info:  
Algorithm Algorithm used for the public key.
Subject Public Key Actual public key (a bit string).
Optional Fields:  
Issuer Unique ID If present, version must be version 2.
Subject Unique ID If present, version must be version 2.
Extensions Optional field. Represents additional data that an issuer can want to add to a certificate, such as e-mail address or authorization to issue certificates.
If extensions are present, version must be version 3.  

See Also

Cryptography | Certificates | Enrolling for a Certificate

 Last updated on Thursday, April 08, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.