Cisco Web Security Appliance S670 User Guide

Chapter 10 Decryption Policies
Digital Certificates
10-10
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
X.509 certificates contain the following information:
• Subject’s identity, such as the name of a person, server, or organization
• Certificate validity period
• Certificate authority who is vouching for the certificate
• Digital signature of the certificate created by the certificate authority using its private key
• Public key of the subject
For an example digital certificate you can view from a web browser, see .
Although anyone can create a digital certificate, not everyone can get a well-respected certificate authority to vouch for the certificate’s information and sign the certificate with its private key. For more information about validating the certificate authority in a digital certificate, see
Validating Certificate Authorities
The X.509 standard allows certificate authorities to issue digital certificates that are signed by other certificate authorities. Due to this system, there is a hierarchy of certificate authorities in a tree structure.
The top-most certificate authorities in the tree structure are called root certificates. Root certificates are not signed by a separate certificate authority because they are at the top of the tree structure. Therefore, by definition, all root certificates are self-signed certificates. The certificate authority listed in the root certificate is the certificate creator.
All certificates below the root certificate inherit the trustworthiness of the root certificate. For example, if CertificateAuthorityABC is a trusted certificate authority and it signs the certificate for certificate authority CertificateAuthorityXYZ, then CertificateAuthorityXYZ is automatically a trusted certificate authority.
 shows the certification path for a certificate viewed in a web browser.
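As an added, runnable example (not part of the Cisco guide), the following Go program uses the standard library's crypto/x509 package to build the hierarchy described above: a self-signed root CertificateAuthorityABC, a subordinate CertificateAuthorityXYZ whose certificate the root signs, and a server certificate issued by the subordinate. The hostname www.example.com and the name UnknownRootCA are constructed values. The program populates the fields listed under the X.509 certificate contents, confirms that the root's signature verifies under its own public key while the subordinate's does not, and checks that a server certificate validates only when its chain ends in a root the verifier trusts.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// certAndKey pairs a certificate with the private key that can sign the next level of the tree.
type certAndKey struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue creates a certificate carrying the fields listed in the text: subject identity,
// validity period, issuing CA, the subject's public key and a signature made with the
// issuer's private key. A nil issuer yields a self-signed root. Errors are fatal here.
func issue(commonName string, isCA bool, issuer *certAndKey) *certAndKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // constructed; real CAs use random serials
		Subject:               pkix.Name{CommonName: commonName}, // subject's identity
		NotBefore:             time.Now().Add(-time.Hour),        // validity period
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{commonName}
	}
	parent, signer := tmpl, key // self-signed: the certificate is its own parent
	if issuer != nil {
		parent, signer = issuer.cert, issuer.key // the CA vouches with its private key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &certAndKey{cert: cert, key: key}
}

// isSelfSigned reports whether the signature verifies under the certificate's own
// public key, the defining property of a root certificate.
func isSelfSigned(c *x509.Certificate) bool {
	return c.CheckSignatureFrom(c) == nil
}

// verifyChain validates leaf against the trusted roots, bridging with intermediates as a browser does.
func verifyChain(leaf *x509.Certificate, intermediates, roots []*x509.Certificate) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		rootPool.AddCert(r)
	}
	for _, i := range intermediates {
		interPool.AddCert(i)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		DNSName: leaf.Subject.CommonName, Roots: rootPool, Intermediates: interPool,
	})
	return err
}

// buildHierarchy builds the tree from the text: self-signed CertificateAuthorityABC signs
// subordinate CertificateAuthorityXYZ, which signs a server certificate (hostname constructed).
func buildHierarchy() (root, sub, leaf *certAndKey) {
	root = issue("CertificateAuthorityABC", true, nil)
	sub = issue("CertificateAuthorityXYZ", true, root)
	leaf = issue("www.example.com", false, sub)
	return
}

func main() {
	root, sub, leaf := buildHierarchy()
	fmt.Printf("root: subject=%q issuer=%q self-signed=%v\n",
		root.cert.Subject.CommonName, root.cert.Issuer.CommonName, isSelfSigned(root.cert))
	fmt.Printf("subordinate CA: subject=%q issuer=%q self-signed=%v\n",
		sub.cert.Subject.CommonName, sub.cert.Issuer.CommonName, isSelfSigned(sub.cert))
	fmt.Println("server cert via trusted root:",
		verifyChain(leaf.cert, []*x509.Certificate{sub.cert}, []*x509.Certificate{root.cert}))
	// A well-formed chain that ends in a root outside the trust store is rejected.
	otherLeaf := issue("www.example.com", false, issue("UnknownRootCA", true, nil))
	fmt.Println("server cert via unknown root:",
		verifyChain(otherLeaf.cert, nil, []*x509.Certificate{root.cert}))
}
```

The last check is the one that matters in practice: the certificate chained to UnknownRootCA is structurally identical to the trusted one, and it is rejected only because its root is absent from the trust store. Trust in the tree flows from which roots the verifier holds, not from anything inside the certificates themselves.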