X.509 是密码学里公钥证书的格式标准。 X.509 证书己应用在包括TLS/SSL在内的众多 Intenet协议里.同时它也用在很多非在线应用场景里,比如电子签名服务。X.509证书里含有公钥、身份信息(比如网络主机名,组织的名称或个体名称等)和签名信息(可以是证书签发机构CA的签名,也可以是自签名)。对于一份经由可信的证书签发机构签名或者可以通过其它方式验证的证书,证书的拥有者就可以用证书及相应的私钥来创建安全的通信,对文档进行数字签名.
可以通过在浏览器里导出获得:
用记事本打开这个base64 encode的509证书:
When using SSL/TLS to protect network communication, the server of the communication scenario is typically authenticated by an X.509 certificate, and there is a convention to identify the server by matching the server hostname from the connection parameters (such as the URL) to name attributes in the certificate. This matching is called “server endpoint identification”, and was first described in Section 3.1 of rfc2818 “HTTP over TLS” based on the behaviour implemented in common web browsers at the time. Similar checking of server endpoint identification has been adopted by other protocols that use TLS, and has been described in rfc6125.
