| Several modifications have been made to the features and information content of X.509 certificate versions. -
X.509 V1 has been available since 1988, is widely deployed, and is the most generic. -
X.509 V2 introduced the concept of subject and issuer unique identifiers to handle the possibility of reuse of subject and/or issuer names over time. -
X.509 V3, available since 1996, supports the notion of extensions, whereby anyone can define an extension and include it in the certificate. Some common extensions in use today are -
KeyUsage, which limits the use of the keys to particular purposes, such as signing only. The associated private key should be used only for signing certificates, not for SSL. -
AlternativeNames, which allows other identities to also be associated with this public key: for example, DNS names, e-mail addresses, or IP addresses. |