Search RFCs
RFC 5280
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,May 2008
- File formats:
- Status:
- PROPOSED STANDARD
- Obsoletes:
- RFC 3280,RFC 4325,RFC 4630
- Updated by:
- RFC 6818,RFC 8398,RFC 8399,RFC 9549,RFC 9598,RFC 9608,RFC 9618
- Authors:
- D. Cooper
S. Santesson
S. Farrell
S. Boeyen
R. Housley
W. Polk - Stream:
- IETF
- Source:
- pkix (sec)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC5280
Discuss this RFC: Send questions or comments to the mailing listpkix@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 5280
Abstract
This memo profiles the X.509 v3 certificate and X.509 v2 certificaterevocation list (CRL) for use in the Internet. An overview of thisapproach and model is provided as an introduction. The X.509 v3certificate format is described in detail, with additional informationregarding the format and semantics of Internet name forms. Standardcertificate extensions are described and two Internet-specificextensions are defined. A set of required certificate extensions isspecified. The X.509 v2 CRL format is described in detail along withstandard and Internet-specific extensions. An algorithm for X.509 certificationpath validation is described. An ASN.1 module and examples areprovided in the appendices. [STANDARDS-TRACK]
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.