What is in a digital certificate

Digital certificates contain specific pieces of information, as determined by the X.509 standard.

Digital certificates that are used by Blueworx Voice Response comply with the X.509 standard, which specifies the information that is required and the format for sending it. X.509 is the Authentication framework part of the X.500 series of standards.

Digital certificates contain at least the following information about the entity that is being certified:

The owner’s public key.
The owner's Distinguished Name.
The Distinguished Name of the CA that issued the certificate.
The date from which the certificate is valid.
The expiry date of the certificate.
The version number of the certificate data format as defined in X.509. The current version of the X.509 standard is Version 3, and most certificates conform to that version.
A serial number, which is a unique identifier that is assigned by the CA that issued the certificate. The serial number is unique within the CA that issued the certificate. No two certificates that are signed by the same CA certificate have the same serial number.

An X.509 Version 2 certificate also contains an Issuer Identifier and a Subject Identifier, and an X.509 Version 3 certificate can contain a number of extensions. Some certificate extensions, such as the Basic Constraint extension, are standard, but others are implementation-specific. An extension can be critical, in which case a system must be able to recognize the field. If it does not recognize the field, it must reject the certificate. If an extension is not critical, the system can ignore it if does not recognize it.

The digital signature in a personal certificate is generated by using the private key of the CA that signed that certificate. Anyone who needs to verify the personal certificate can use the CA’s public key to do so. The CA’s certificate contains its public key.

Digital certificates do not contain your private key. You must keep your private key secret.