Steven Ochmanski
Cisco Employee



X.509 Digital Certificates


Complete Definition

X.509 is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key Digital Certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.


In the X.509 system, a CA issues a certificate binding a public key to a particular Distinguished Name in the X.500 tradition, or to an Alternative Name such as an e-mail address or a DNS entry.
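How the Distinguished Name and Alternative Name described above are encoded inside a certificate, as an added example that is not part of the original article: a minimal standard-library DER reader that decodes a subject Name and a subjectAltName value. The sample bytes, the names in them and all helper function names are constructed for illustration, and only the CN/O/C attributes and e-mail/DNS alternative names are mapped to labels.

```python
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}
SAN_TAGS = {0x81: "email", 0x82: "DNS"}  # GeneralName [1] rfc822Name, [2] dNSName

def read_tlv(buf, pos=0):  # decode one DER element -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):  # walk the elements packed inside a constructed value
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def parse_name(der):
    """Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value string }."""
    tag, rdns, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    return [(OIDS.get(oid, oid.hex()), val.decode("utf-8"))
            for _, rdn_set in children(rdns)
            for _, attr in children(rdn_set)
            for (_, oid), (_, val) in [tuple(children(attr))]]

def parse_san(der):
    """subjectAltName value ::= SEQUENCE OF GeneralName (context-tagged)."""
    tag, names, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    return [(SAN_TAGS[t], v.decode("ascii")) if t in SAN_TAGS else (hex(t), v.hex())
            for t, v in children(names)]

# Constructed sample data (built here, not taken from a real certificate).
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, body < 128 bytes
def make_rdn(oid, text, tag=0x0C):  # 0x0C = UTF8String, 0x13 = PrintableString
    return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(tag, text.encode())))
SAMPLE_NAME = tlv(0x30, make_rdn(b"\x55\x04\x06", "US", 0x13)
    + make_rdn(b"\x55\x04\x0a", "Example Corp") + make_rdn(b"\x55\x04\x03", "vpn.example.com"))
SAMPLE_SAN = tlv(0x30, tlv(0x81, b"admin@example.com") + tlv(0x82, b"vpn.example.com"))
```

Calling `parse_name(SAMPLE_NAME)` and `parse_san(SAMPLE_SAN)` returns the decoded identities as lists of `(label, value)` pairs; truncated input raises `ValueError` instead of returning a partial identity.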


An organization's trusted root certificates can be distributed to all employees so that they can use the company PKI system. X.509 also includes standards for certificate revocation list (CRL) implementations, an often neglected aspect of PKI systems. The IETF-approved way of checking a certificate's validity is the Online Certificate Status Protocol (OCSP). Note that WebVPN/SSL VPN does not work with PKI and OCSP on the Cisco Adaptive Security Appliance (ASA)/PIX 7.2(1) and above. Popular browsers like Internet Explorer and Firefox don't check for certificate revocation by default; the time lag for performing the check could be one of the reasons.


X.509 Wikipedia Definition



  • PKIX for Public Key Infrastructure (X.509) - RFC 3280


Also See:
