Public Key Infrastructure
PKI is the system of certificates, Certificate Authorities, and chains of trust that lets your browser know example.com's public key really belongs to example.com.
X.509 certificates
A certificate is a signed statement that binds a public key to a name. The signer is a Certificate Authority (CA). The format is X.509 — a binary structure typically encoded as DER, often base64-wrapped as PEM:
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgI...
-----END CERTIFICATE-----
What's inside
- Subject — the name being certified (typically a hostname).
- Subject Public Key — the key being attested.
- Issuer — the CA that signed this certificate.
- Validity period — Not Before, Not After.
- Serial number — uniquely identifies the certificate within the issuer.
- Extensions — Subject Alternative Names, key usage, CRL/OCSP URLs, etc.
- Signature — the CA's signature over the rest.
Chains of trust
Browsers and operating systems ship with a built-in root store — a curated list of root CAs that they trust. In practice, a server certificate is signed not by the root directly but by an intermediate CA whose certificate was in turn signed by the root. Verifying a server certificate means walking that chain up to a trusted root, checking each signature along the way.
Server cert → Intermediate CA → Root CA (trust anchor)
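The chain walk described above, as an added Python example (not code from this page or from any TLS library). It assumes toy textbook-RSA keys built from known primes and a simplified certificate record in place of X.509/DER; the names `Cert`, `issue`, `verify_chain` and all sample values are constructed for illustration. Real validation also checks CA constraints, key usage and revocation.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy keys below
def make_key(p, q):  # textbook RSA from two known primes -> (n, d); NOT secure
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass
class Cert:  # simplified stand-in for the X.509 fields listed above
    subject: str
    issuer: str
    pubkey: int  # subject's RSA modulus
    not_before: int
    not_after: int
    signature: int = 0

    def tbs_digest(self):  # hash of everything except the signature
        tbs = f"{self.subject}|{self.issuer}|{self.pubkey}|{self.not_before}|{self.not_after}"
        return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big")

def issue(cert, issuer_n, issuer_d):  # the CA signs the to-be-signed digest
    cert.signature = pow(cert.tbs_digest() % issuer_n, issuer_d, issuer_n)
    return cert

def verify_chain(leaf, intermediates, trust_store, now):
    """Walk leaf -> intermediates -> trust anchor; return (ok, reason)."""
    pool = {c.subject: c for c in intermediates}
    cert = leaf
    for _ in range(len(intermediates) + 1):  # bounded, so loops cannot spin forever
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        anchor = trust_store.get(cert.issuer)  # trusted root modulus, if any
        parent = pool.get(cert.issuer)
        if anchor is None and parent is None:
            return False, f"{cert.subject}: issuer {cert.issuer!r} not found"
        issuer_n = anchor if anchor is not None else parent.pubkey
        if pow(cert.signature, E, issuer_n) != cert.tbs_digest() % issuer_n:
            return False, f"{cert.subject}: bad signature"
        if anchor is not None:
            return True, f"anchored at {cert.issuer}"
        cert = parent
    return False, "no trust anchor reached"

# Constructed sample chain; times are plain integers, keys use Mersenne primes.
ROOT = make_key(2**107 - 1, 2**127 - 1)
INTER = make_key(2**61 - 1, 2**89 - 1)
TRUST_STORE = {"Example Root CA": ROOT[0]}
INTER_CERT = issue(Cert("Example Intermediate CA", "Example Root CA", INTER[0], 100, 900), *ROOT)
LEAF = issue(Cert("example.com", "Example Intermediate CA", 12345, 200, 300), *INTER)
```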
Revocation
Two mechanisms address compromised or mis-issued certificates, CRL and OCSP; the two items listed after them are operational refinements:
- CRL — Certificate Revocation List. Periodically downloaded. Slow to react and bulky.
- OCSP — Online Certificate Status Protocol. Real-time checks against the CA. Latency and privacy concerns.
- OCSP stapling — the server attaches a recent OCSP response to its TLS handshake.
- Short-lived certificates — modern operational answer: keep validity periods to days or weeks so revocation matters less.
Certificate Transparency
CAs are required to publish every certificate they issue to public, append-only logs. Browsers refuse certificates that aren't in the logs. This makes mass mis-issuance (whether malicious or accidental) detectable.
Let's Encrypt changed the economics of PKI — free, automated, short-lived (90-day) certificates now power most of the public web. ACME (RFC 8555) is the protocol that automates issuance.