a public key with some extra components to help ensure trust relationships:
certificates can be signed by a CA, but always have:
- version (usually X.509)
- certificate serial number
- signature algorithm identifier
- certificate issuer name
- certificate validity period
- subjects Common Name CN
- public key Optional
- Subject Alternative Names SANs
certificate authorities registration authorities certificate enrolment certificate verification certificate pinning certificate revocation certificate formats Self-signed Third-party root of trust certificate signing request CSR wildcard certificate