











Cisco Secure Virtual Private Networks








4.2 Certificate Generation



4.2.4 Digital certificates






The X.509 certificate consists of specific fields and values. The figure to the left shows an example of a Microsoft Windows display of a certificate. The certificate has the following values:

Certificate format version

Currently, X.509 version 1, 2, or 3


Certificate serial number

Unique numerical certificate identifier in the CA domain. When a certificate is revoked, it is the certificate serial number that is listed on the CRL.


Signature algorithm

Identifies the CA's public key algorithm and hashing algorithm


Issuer

Distinguished name of the CA


Validity period

Specifies the start and expiration dates for the certificate


Subject X.500 name

Distinguished name of the entity holding the private key


Subject public key information

Specifies the subject's public key and hashing algorithm


Extensions

Extends the certificate to allow additional information:

Subject alternative name
CRL distribution points
Additional information if configured in the CA




CA signature

The CA performs a hash function on the certificate contents, and the hash is then signed with the CA's private key to ensure authenticity (Reference: RFC 2459).
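
As an added example (not part of the original course page), the following Python walks the DER encoding of a certificate, pulls out the fields listed above, and applies the validity-period check and the CRL lookup by serial number. The sample certificate, its names, serial number 4097 and all function names are constructed for illustration; only the version 3 layout and UTCTime dates are handled.

```python
from datetime import datetime, timezone

# DER-encoded OID bytes (hex) -> name; covers only the OIDs in the sample below.
OIDS = {"2a864886f70d01010b": "sha256WithRSAEncryption", "550403": "CN"}

def read(buf, pos=0):
    """Return (body, next_pos) for the DER element that starts at pos."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: the low 7 bits count the length bytes that follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + n], pos + n

def children(body, pos=0):
    """Yield the body of each element nested inside a constructed element."""
    while pos < len(body):
        val, pos = read(body, pos)
        yield val

def label(oid):
    return OIDS.get(oid.hex(), oid.hex())

def name(body):  # Name = SEQUENCE OF SET OF SEQUENCE { OID, string }
    pairs = (children(atv) for rdn in children(body) for atv in children(rdn))
    return ",".join(f"{label(k)}={v.decode()}" for k, v in pairs)

def parse(der):
    """Walk the fields in the order the section lists them (v3 layout assumed)."""
    tbs, _outer_alg, _ca_signature = children(read(der)[0])
    ver, serial, alg, issuer, validity, subject = list(children(tbs))[:6]
    start, end = (datetime.strptime(t.decode(), "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
                  for t in children(validity))
    return {"version": next(children(ver))[0] + 1, "serial": int.from_bytes(serial, "big"),
            "signature_algorithm": label(next(children(alg))), "issuer": name(issuer),
            "not_before": start, "not_after": end, "subject": name(subject)}

def acceptable(cert, now, revoked_serials):
    """Validity-period check plus the CRL lookup, which is keyed on the serial number."""
    return cert["not_before"] <= now <= cert["not_after"] and cert["serial"] not in revoked_serials

# Constructed sample with placeholder key and signature bytes (not a real certificate).
CERT = bytes.fromhex(
    "30819a 308181 a003020102 02021001 300d06092a864886f70d01010b0500"
    " 30153113301106035504030c0a4578616d706c65204341"
    " 301e170d3234303130313030303030305a170d3235303130313030303030305a"
    " 301a3118301606035504030c0f76706e2e6578616d706c652e636f6d"
    " 3014300d06092a864886f70d01010105000303000001 300d06092a864886f70d01010b0500 030500deadbeef")
```

The CA signature is carried but not verified in this example; a real verifier checks it over the signed portion of the certificate with the CA's public key before trusting any parsed field.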

 










