In cryptography, an X.509 certificate is a digital certificate based on the widely accepted International Telecommunication Union (ITU) X.509 standard, which defines the format of public-key infrastructure (PKI) certificates. X.509 certificates are used to manage identity and security in internet communications and computer networking. They are also used in offline applications, such as electronic signatures.

An X.509 certificate binds an identity to a public key using a digital signature. A certificate contains an identity (a hostname, an organization, or an individual) and a public key (RSA, DSA, ECDSA, Ed25519, etc.), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can use the public key it contains to establish secure communications with another party, or to validate documents digitally signed by the corresponding private key.

X.509 also defines certificate revocation lists, which distribute information about certificates that a signing authority has deemed invalid, and a certification path validation algorithm, which allows certificates to be signed by intermediate certificate authority (CA) certificates that are, in turn, signed by other certificates, eventually reaching a trust anchor.

X.509 is defined by the International Telecommunication Union's Standardization Sector (ITU-T), in ITU-T Study Group 17, and is based on ASN.1, another ITU-T standard.
