Interface common to certificates.
The features abstracted of Certificates include subject,
issuer, type, version, serial number, signing algorithm, dates of valid use,
and serial number.
Printable Representation for Binary Values
A non-string values in a certificate are represented as strings with each
byte as two hex digits (capital letters for A-F) separated by ":" (Unicode
U+003A).
For example: 0C:56:FA:80
Printable Representation for X.509 Distinguished Names
For a X.509 certificate the value returned is the printable verision of
the distingished name (DN) from the certificate.
An X.509 distinguished name of is set of attributes, each attribute is a
sequence of an object ID and a value. For string comparison purposes, the
following rules define a strict printable representation.
- There is no added white space around separators.
- The attributes are in the same order as in the certificate;
attributes are not reordered.
- If an object ID is in the table below, the label from the table
will be substituted for the object ID, else the ID is formatted as
a string using the binary printable representation above.
- Each object ID or label and value within an attribute will be
separated by a "=" (Unicode U+003D), even if the value is empty.
- If value is not a string, then it is formatted as a string using the
binary printable representation above.
- Attributes will be separated by a ";" (Unicode U+003B)
Labels for X.500 Distinguished Name Attributes
| Object ID |
Binary |
Label |
| id-at-commonName |
55:04:03 |
CN |
| id-at-surname |
55:04:04 |
SN |
| id-at-countryName |
55:04:06 |
C |
| id-at-localityName |
55:04:07 |
L |
| id-at-stateOrProvinceName |
55:04:08 |
ST |
| id-at-streetAddress |
55:04:09 |
STREET |
| id-at-organizationName |
55:04:0A |
O |
| id-at-organizationUnitName |
55:04:0B |
OU |
| emailAddress |
2A:86:48:86:F7:0D:01:09:01 |
EmailAddress |
Example of a printable distinguished name:
C=US;O=Any Company, Inc.;CN=www.anycompany.com |
