Home

X.509

Certificate Fields

Its Subject field describes Wikipedia as an organization, and its Subject Alternative Name (SAN) field for DNS describes the hostnames for which it could be used.

Subject field

The "Subject" field of a certificate contains information that identifies the entity (such as a person, organization, or device) to which the certificate is issued. Here’s a breakdown of its components and significance:

Components of the Subject Field

  1. Common Name (CN):
    • This is the primary identifier in the "Subject" field.
    • For TLS/SSL certificates, the Common Name typically represents the domain of the website (e.g., www.example.com).
    • For other types of certificates, it might represent the name of an individual or an organization.
    • In the case of wildcard certificates, it may appear as *.example.com.
  2. Organization (O): The legal name of the organization that owns the certificate.
  3. Organizational Unit (OU): A subdivision or department within the organization (optional).
  4. Country (C): The two-letter ISO code for the country where the organization is located (e.g., US for the United States).
  5. State or Province (ST): The state or province where the organization is registered (not always included).
  6. Locality (L): The city or locality of the organization (optional).
Certificate:
   Data:
       Subject: C=US, ST=California, L=San Francisco, O=Wikimedia Foundation, Inc., CN=*.wikipedia.org

In summary, the Subject field is a crucial part of a TLS/SSL certificate that provides identifying information about the certificate holder, helping to establish trust and secure communications.

Subject Alternative Name (SAN)

The Subject Alternative Name (SAN) field is an extension in a TLS/SSL certificate that allows the specification of additional identities for which the certificate is valid.

Purpose of the SAN Field

  1. Multiple Domain Support: The SAN field enables a single certificate to secure multiple domain names and subdomains. This is particularly useful for organizations that manage several websites or services.
  2. Flexibility: It provides flexibility in certificate management by allowing multiple domains to be covered under one certificate, reducing the need for multiple certificates.

Example of a SAN field:

Subject Alternative Name:
    DNS Name=www.example.com
    DNS Name=example.com
    DNS Name=mail.example.com
    IP Address=192.0.2.1

Summary

The Subject Alternative Name (SAN) field is an essential component of modern TLS/SSL certificates, allowing multiple domain names, IP addresses, and email addresses to be associated with a single certificate. This flexibility enhances security, simplifies certificate management, and ensures broader compatibility with web browsers and clients.

Certificate Thumbprint

A Certificate Thumbprint (or Fingerprint) is a unique identifier for a digital certificate. It is a hash value computed from the certificate's data using a cryptographic hash function such as SHA-1 or SHA-256.

The thumbprint can be used to verify the integrity of the certificate. If even a small change occurs in the certificate's data, the thumbprint will change, indicating that the certificate has been altered.

A certificate thumbprint is not a field within the certificate itself, but rather a unique identifier derived from the certificate.

Date:

Screen Dimensions